Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
Analysis ID:1396268
MD5:412b746e17540448a98a952b5eb29744
SHA1:684a4276f34154fe2773f1afb095ad26a19e1823
SHA256:9f121f9e36a53eb08ff86c94cf9678245d0c1d56670118d44351bea52e74aec7
Tags:exe
Infos:

Detection

Amadey, RisePro Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Amadeys stealer DLL
Yara detected RisePro Stealer
Binary is likely a compiled AutoIt script file
Creates multiple autostart registry keys
Downloads suspicious files via Chrome
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
PE file has nameless sections
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found iframes
Found potential string decryption / allocating functions
HTML body contains low number of good links
HTML body contains password input but no form action
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Use Short Name Path in Command Line
Sleep loop found (likely to delay execution)
Steals Internet Explorer cookies
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe (PID: 7148 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe MD5: 412B746E17540448A98A952B5EB29744)
    • schtasks.exe (PID: 6600 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 1340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 5608 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 5876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • S7SZCszMQx8n9dmoMncg.exe (PID: 8056 cmdline: "C:\Users\user~1\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe" MD5: 17FEBB6CBC56CF10917289FA796F1554)
      • chrome.exe (PID: 8100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/ MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
        • chrome.exe (PID: 420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1912,i,14123316736380451074,15008792521962585165,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 8136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
        • chrome.exe (PID: 4432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1900,i,12042421020142427047,15786954676034076756,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 5420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
        • chrome.exe (PID: 8304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,17548813359493007476,4145100225753045264,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 8412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/ MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
        • chrome.exe (PID: 8732 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1960,i,1618289422158722010,7429834957061146292,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • msedge.exe (PID: 8860 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 9508 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2064,i,3932159021268247471,17896344974051134979,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 8916 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 9480 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2064,i,13272552955058679350,15913954508286482383,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 9080 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 9744 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1076 --field-trial-handle=1440,i,723544732951361242,13798842814435574485,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • chrome.exe (PID: 5204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 9308 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 9836 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • firefox.exe (PID: 9228 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 6152 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 10012 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • schtasks.exe (PID: 9328 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 9728 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 9704 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 9872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • MPGPH131.exe (PID: 4644 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: 412B746E17540448A98A952B5EB29744)
  • MPGPH131.exe (PID: 6936 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: 412B746E17540448A98A952B5EB29744)
  • RageMP131.exe (PID: 7740 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: 412B746E17540448A98A952B5EB29744)
  • RageMP131.exe (PID: 8560 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: 412B746E17540448A98A952B5EB29744)
  • msedge.exe (PID: 9736 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.facebook.com/video MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 10188 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=1988,i,4751795589634086725,15677866470349412690,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • MSIUpdaterV131.exe (PID: 9312 cmdline: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe MD5: 07D7F9FCE107448C2D383A87DE39AFB2)
  • firefox.exe (PID: 10660 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 10828 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 10772 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 10892 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
AmadeyAmadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\wX6zn8pyLt2gpUsQYjkpSFK.zipJoeSecurity_RiseProStealerYara detected RisePro StealerJoe Security
    C:\Users\user\AppData\Local\Temp\KbzYBQQ8rannFYWu8sfJ5n4.zipJoeSecurity_RiseProStealerYara detected RisePro StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      0000002E.00000003.1644044585.0000000004B00000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
        0000002E.00000002.1768331607.0000000000481000.00000040.00000001.01000000.0000000B.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
          Process Memory Space: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe PID: 7148JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            Process Memory Space: MPGPH131.exe PID: 4644JoeSecurity_RiseProStealerYara detected RisePro StealerJoe Security
              Process Memory Space: RageMP131.exe PID: 7740JoeSecurity_RiseProStealerYara detected RisePro StealerJoe Security
                Click to see the 1 entries

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                46.2.MSIUpdaterV131.exe.480000.0.unpackJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security

                  Sigma Signatures

                  System Summary

                  barindex
                  Sigma detected: CurrentVersion Autorun Keys Modification
                  Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, ProcessId: 7148, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RageMP131
                  Sigma detected: Startup Folder File Write
                  Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, ProcessId: 7148, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS131.lnk
                  Sigma detected: Use Short Name Path in Command Line
                  Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe, ParentCommandLine: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, ParentProcessId: 7148, ParentProcessName: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe" , ProcessId: 8056, ProcessName: S7SZCszMQx8n9dmoMncg.exe

                  Snort Signatures

                  No Snort rule has matched

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus detection for URL or domain
                  Source: http://185.215.113.46/ferences.SourceAumid03pAvira URL Cloud: Label: malware
                  Source: http://185.215.113.46/cost/fu.exeQDAvira URL Cloud: Label: malware
                  Source: http://185.215.113.46/mine/plaza.exeFAvira URL Cloud: Label: malware
                  Source: http://185.215.113.46/mine/plaza.exe32Avira URL Cloud: Label: malware
                  Source: http://185.215.113.46/mine/plaza.exeAvira URL Cloud: Label: malware
                  Source: http://185.215.113.46/mine/plaza.exe9Avira URL Cloud: Label: malware
                  Source: http://185.215.113.46/mine/plaza.exe0Avira URL Cloud: Label: malware
                  Antivirus detection for dropped file
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV131\AdobeUpdaterV131.exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                  Multi AV Scanner detection for dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeReversingLabs: Detection: 55%
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\fu[1].exeReversingLabs: Detection: 23%
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\fu[2].exeReversingLabs: Detection: 23%
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeReversingLabs: Detection: 55%
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeReversingLabs: Detection: 23%
                  Source: C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\x5MiuJIGTLsEg19UprNr.exeReversingLabs: Detection: 23%
                  Multi AV Scanner detection for submitted file
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeReversingLabs: Detection: 55%
                  Machine Learning detection for dropped file
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV131\AdobeUpdaterV131.exeJoe Sandbox ML: detected
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeJoe Sandbox ML: detected
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeJoe Sandbox ML: detected
                  Machine Learning detection for sample
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B7FFC0 CryptUnprotectData,CryptUnprotectData,0_2_00B7FFC0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0010FEE0 CryptUnprotectData,CryptUnprotectData,11_2_0010FEE0
                  Source: https://www.linkedin.com/loginHTTP Parser: Iframe src: https://lnkd.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.linkedin.com
                  Source: https://www.linkedin.com/loginHTTP Parser: Iframe src: https://lnkd.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.linkedin.com
                  Source: https://www.linkedin.com/loginHTTP Parser: Iframe src: https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=302&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_748271_422186&as=IqVeAPH%2Bm6nomQCq0uVQgQ&hl=en_US
                  Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjwiCDjUjhhfv6T3vjnrMfpapI3p3fTwQSUdkfgd3UvYhSObKGgnS-1NPbY3tJzwhrANNSwgMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1274762887%3A1708529106575098&theme=glifHTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=595438066&timestamp=1708533701207
                  Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjwiCDjUjhhfv6T3vjnrMfpapI3p3fTwQSUdkfgd3UvYhSObKGgnS-1NPbY3tJzwhrANNSwgMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1274762887%3A1708529106575098&theme=glifHTTP Parser: Iframe src: /_/bscframe
                  Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjwiCDjUjhhfv6T3vjnrMfpapI3p3fTwQSUdkfgd3UvYhSObKGgnS-1NPbY3tJzwhrANNSwgMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1274762887%3A1708529106575098&theme=glifHTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=595438066&timestamp=1708533701207
                  Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjwiCDjUjhhfv6T3vjnrMfpapI3p3fTwQSUdkfgd3UvYhSObKGgnS-1NPbY3tJzwhrANNSwgMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1274762887%3A1708529106575098&theme=glifHTTP Parser: Iframe src: /_/bscframe
                  Source: https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=302&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_748271_422186&as=IqVeAPH%2Bm6nomQCq0uVQgQ&hl=en_USHTTP Parser: Number of links: 0
                  Source: https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=302&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_747903_953409&as=U7gaTkKqt2fDQIz54gb9cw&hl=en_USHTTP Parser: Number of links: 0
                  Source: https://www.linkedin.com/loginHTTP Parser: <input type="password" .../> found but no <form action="...
                  Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjwiCDjUjhhfv6T3vjnrMfpapI3p3fTwQSUdkfgd3UvYhSObKGgnS-1NPbY3tJzwhrANNSwgMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1274762887%3A1708529106575098&theme=glifHTTP Parser: <input type="password" .../> found but no <form action="...
                  Source: https://www.linkedin.com/loginHTTP Parser: <input type="password" .../> found
                  Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjwiCDjUjhhfv6T3vjnrMfpapI3p3fTwQSUdkfgd3UvYhSObKGgnS-1NPbY3tJzwhrANNSwgMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1274762887%3A1708529106575098&theme=glifHTTP Parser: <input type="password" .../> found
                  Source: https://www.facebook.com/videoHTTP Parser: <input type="password" .../> found
                  Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjwiCDjUjhhfv6T3vjnrMfpapI3p3fTwQSUdkfgd3UvYhSObKGgnS-1NPbY3tJzwhrANNSwgMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1274762887%3A1708529106575098&theme=glifHTTP Parser: No favicon
                  Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjwiCDjUjhhfv6T3vjnrMfpapI3p3fTwQSUdkfgd3UvYhSObKGgnS-1NPbY3tJzwhrANNSwgMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1274762887%3A1708529106575098&theme=glifHTTP Parser: No favicon
                  Source: https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=302&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_748271_422186&as=IqVeAPH%2Bm6nomQCq0uVQgQ&hl=en_USHTTP Parser: No favicon
                  Source: https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=302&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_747903_953409&as=U7gaTkKqt2fDQIz54gb9cw&hl=en_USHTTP Parser: No favicon
                  Source: https://www.linkedin.com/loginHTTP Parser: No <meta name="author".. found
                  Source: https://www.linkedin.com/loginHTTP Parser: No <meta name="author".. found
                  Source: https://www.linkedin.com/loginHTTP Parser: No <meta name="author".. found
                  Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjwiCDjUjhhfv6T3vjnrMfpapI3p3fTwQSUdkfgd3UvYhSObKGgnS-1NPbY3tJzwhrANNSwgMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1274762887%3A1708529106575098&theme=glifHTTP Parser: No <meta name="author".. found
                  Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjwiCDjUjhhfv6T3vjnrMfpapI3p3fTwQSUdkfgd3UvYhSObKGgnS-1NPbY3tJzwhrANNSwgMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1274762887%3A1708529106575098&theme=glifHTTP Parser: No <meta name="author".. found
                  Source: https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=302&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_748271_422186&as=IqVeAPH%2Bm6nomQCq0uVQgQ&hl=en_USHTTP Parser: No <meta name="author".. found
                  Source: https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=302&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_747903_953409&as=U7gaTkKqt2fDQIz54gb9cw&hl=en_USHTTP Parser: No <meta name="author".. found
                  Source: https://www.facebook.com/videoHTTP Parser: No <meta name="author".. found
                  Source: https://www.facebook.com/videoHTTP Parser: No <meta name="author".. found
                  Source: https://www.linkedin.com/loginHTTP Parser: No <meta name="copyright".. found
                  Source: https://www.linkedin.com/loginHTTP Parser: No <meta name="copyright".. found
                  Source: https://www.linkedin.com/loginHTTP Parser: No <meta name="copyright".. found
                  Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjwiCDjUjhhfv6T3vjnrMfpapI3p3fTwQSUdkfgd3UvYhSObKGgnS-1NPbY3tJzwhrANNSwgMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1274762887%3A1708529106575098&theme=glifHTTP Parser: No <meta name="copyright".. found
                  Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjwiCDjUjhhfv6T3vjnrMfpapI3p3fTwQSUdkfgd3UvYhSObKGgnS-1NPbY3tJzwhrANNSwgMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1274762887%3A1708529106575098&theme=glifHTTP Parser: No <meta name="copyright".. found
                  Source: https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=302&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_748271_422186&as=IqVeAPH%2Bm6nomQCq0uVQgQ&hl=en_USHTTP Parser: No <meta name="copyright".. found
                  Source: https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=302&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_747903_953409&as=U7gaTkKqt2fDQIz54gb9cw&hl=en_USHTTP Parser: No <meta name="copyright".. found
                  Source: https://www.facebook.com/videoHTTP Parser: No <meta name="copyright".. found
                  Source: https://www.facebook.com/videoHTTP Parser: No <meta name="copyright".. found
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B6C050 FindFirstFileA,FindNextFileA,SetFileAttributesA,RemoveDirectoryA,__Mtx_unlock,0_2_00B6C050
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00C3B4E5 FindFirstFileExW,0_2_00C3B4E5
                  Source: firefox.exeMemory has grown: Private usage: 0MB later: 93MB
                  Source: Joe Sandbox ViewIP Address: 13.107.6.158 13.107.6.158
                  Source: Joe Sandbox ViewIP Address: 204.79.197.200 204.79.197.200
                  Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
                  Source: Joe Sandbox ViewIP Address: 185.215.113.46 185.215.113.46
                  Source: Joe Sandbox ViewIP Address: 185.215.113.46 185.215.113.46
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0010DBB0 recv,WSAStartup,closesocket,socket,connect,closesocket,11_2_0010DBB0
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
                  Source: firefox.exe, 0000002A.00000002.1529534068.0000012EDE730000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000002.1786480024.0000024BF5C50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000033.00000002.1786480024.0000024BF5C50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com$ equals www.youtube.com (Youtube)
                  Source: firefox.exe, 0000002A.00000002.1529534068.0000012EDE730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.comf equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2191545548.000001743A09B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/moc.ebutuoy.www. equals www.youtube.com (Youtube)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.comq| equals www.youtube.com (Youtube)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000CBD000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000CBD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.1529575192.000001E6B4D50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000031.00000002.1638000127.000001B6B9140000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com --attempting-deelevation equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000033.00000002.1795232525.0000024BF5F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com equals www.youtube.com (Youtube)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000CBD000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000CBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.comJ8 equals www.youtube.com (Youtube)
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000001048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: &_https://www.facebook.com equals www.facebook.com (Facebook)
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000001048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: '_https://www.facebook.c equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Wikipedia&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Reddit&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Twitter&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
                  Source: firefox.exe, 00000032.00000003.2282724194.000001743505E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: .S........[tlsflags0x00000000]www.youtube.com:443 <ROUTE-via www.youtube.com:443> {NPN-TOKEN h3}^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000001048000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000002.2108579496.0000000001015000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: 0_https://www.facebook.com equals www.facebook.com (Facebook)
                  Source: firefox.exe, 0000002A.00000003.1524762647.0000012EDE758000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002A.00000003.1524317566.0000012EDE74C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002A.00000002.1529534068.0000012EDE759000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: 0`0https://www.youtube.com --attempting-deelevationUser equals www.youtube.com (Youtube)
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000001048000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000002.2108579496.0000000001015000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: 17085335249620_https://www.facebook.com equals www.facebook.com (Facebook)
                  Source: firefox.exe, 0000002C.00000002.1530625136.000001E6B67F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: 7n7https://www.facebook.com/video --attempting-deelevationUser equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000032.00000003.2259841751.000001743508D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2282724194.000001743505E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8:https://www.youtube.com/ equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2272383937.0000017434484000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8http://www.facebook.com/ equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000032.00000003.2288293817.0000017434495000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2271431431.0000017434492000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2271431431.0000017434495000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000032.00000003.1780318822.0000017429FEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2272383937.0000017434484000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/video equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000032.00000003.2286735878.0000017434FE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2288293817.0000017434495000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2270611053.00000174344C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2286735878.0000017434FE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2260489323.0000017434FE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1830642290.00000174280DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000032.00000003.2259841751.000001743508D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2282724194.000001743505E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: :https://www.youtube.com/ equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2274339930.0000017434299000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: </script><link rel="preload" href="https://i.ytimg.com/generate_204" as="fetch"><link as="script" rel="preload" href="https://www.youtube.com/s/desktop/87423d78/jsbin/desktop_polymer.vflset/desktop_polymer.js" nonce="ebaNv4SnOYIPkYhWeuH7aw"><script src="https://www.youtube.com/s/desktop/87423d78/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js" nonce="ebaNv4SnOYIPkYhWeuH7aw"></script><script src="https://www.youtube.com/s/desktop/87423d78/jsbin/custom-elements-es5-adapter.vflset/c equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: </script><link rel="preload" href="https://i.ytimg.com/generate_204" as="fetch"><link as="script" rel="preload" href="https://www.youtube.com/s/desktop/87423d78/jsbin/desktop_polymer.vflset/desktop_polymer.js" nonce="ebaNv4SnOYIPkYhWeuH7aw"><script src="https://www.youtube.com/s/desktop/87423d78/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js" nonce="ebaNv4SnOYIPkYhWeuH7aw"></script><script src="https://www.youtube.com/s/desktop/87423d78/jsbin/custom-elements-es5-adapter.vflset/custom-elements-es5-adapter.js" nonce="ebaNv4SnOYIPkYhWeuH7aw"></script><script src="https://www.youtube.com/s/desktop/87423d78/jsbin/webcomponents-sd.vflset/webcomponents-sd.js" nonce="ebaNv4SnOYIPkYhWeuH7aw"></script><script src="https://www.youtube.com/s/desktop/87423d78/jsbin/intersection-observer.min.vflset/intersection-observer.min.js" nonce="ebaNv4SnOYIPkYhWeuH7aw"></script><script nonce="ebaNv4SnOYIPkYhWeuH7aw">if (window.ytcsi) {window.ytcsi.tick('lpcs', null, '');}</script><script nonce="ebaNv4SnOYIPkYhWeuH7aw">(function() {window.ytplayer={}; equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2186694794.000001743A178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: </script><script nonce="ebaNv4SnOYIPkYhWeuH7aw">if (window.ytcsi) {window.ytcsi.tick('lpcf', null, '');}</script><script src="https://www.youtube.com/s/desktop/87423d78/jsbin/scheduler.vflset/scheduler.js" nonce="ebaNv4SnOYIPkYhWeuH7aw"></script><script src="https://www.youtube.com/s/desktop/87423d78/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js" nonce="ebaNv4SnOYIPkYhWeuH7aw"></script><script src="https://www.youtube.com/s/desktop/87423d78/jsbin/www-tampering.vflset/www-tampering.js" nonce="ebaNv4SnOYIPkYhWeuH7aw"></script><script src="https://www.youtube.com/s/desktop/87423d78/jsbin/spf.vflset/spf.js" nonce="ebaNv4SnOYIPkYhWeuH7aw"></script><script nonce="ebaNv4SnOYIPkYhWeuH7aw">if(window["_spf_state"])window["_spf_state"].config={"assume-all-json-requests-chunked":true}; equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000033.00000002.1888020329.0000024BF77A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: =::=::\ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.comMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user~1\AppData\Local\TempTMP=C:\Users\user~1\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windowsm equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.1625246931.000001742B6F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: =::=::\ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.facebook.com/videoMOZ_CRASHREPORTER_RESTART_ARG_2=--attempting-deelevationMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user~1\AppData\Local\TempTMP=C:\Users\user~1\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\WindowsMALLOC_OPTIONS=r equals www.facebook.com (Facebook)
                  Source: firefox.exe, 0000002C.00000002.1529575192.000001E6B4D50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.facebook.com/video equals www.facebook.com (Facebook)
                  Source: firefox.exe, 0000002A.00000002.1529534068.0000012EDE730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com% equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000031.00000002.1638000127.000001B6B9140000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com--attempting-deelevation equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000033.00000002.1786480024.0000024BF5C50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.comm equals www.youtube.com (Youtube)
                  Source: firefox.exe, 0000002C.00000002.1529575192.000001E6B4D50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user~1\AppData\Local\Temp\heidiP2OuO4KF0LZU\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/videoC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default equals www.facebook.com (Facebook)
                  Source: firefox.exe, 0000002A.00000002.1529534068.0000012EDE730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user~1\AppData\Local\Temp\heidiP2OuO4KF0LZU\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.comC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default" equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000031.00000002.1638000127.000001B6B9140000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com --attempting-deelevationC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000033.00000002.1786480024.0000024BF5C50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.comC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default` equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000033.00000002.1888020329.0000024BF77A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Files(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.comNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user~1\AppData\Local\TempTMP=C:\Users\user~1\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windowsr equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.1780318822.0000017429FDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ghttps://www.facebook.com equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000032.00000003.2288717124.00000174342C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2273905301.00000174342BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Host: www.youtube.com equals www.youtube.com (Youtube)
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000001015000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: META:https://www.facebook.co equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000033.00000002.1795232525.0000024BF5F08000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000002.1786480024.0000024BF5C50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000033.00000002.1786480024.0000024BF5C50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.comt(H=# equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2281663425.00000174380BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2257756030.00000174380BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Mtlsflags0x00000000:www.youtube.com:443^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2260489323.0000017434FC3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/ equals www.youtube.com (Youtube)
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000001015000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: VERSIONMETA:https://www.facebook.co equals www.facebook.com (Facebook)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000CBD000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000CBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Visited: user@https://www.linkedin.com/loging equals www.linkedin.com (Linkedin)
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000001048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: __test__1708533520563&_https://www.facebook.com equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000032.00000003.2287898290.000001743496B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2287778296.0000017434972000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2266094784.000001743496B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: about:certerror?e=nssBadCert&u=https%3A//www.facebook.com/video&c=UTF-8&d=%20 equals www.facebook.com (Facebook)
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000001048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: check_quota'_https://www.facebook.c equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000032.00000003.2268953742.000001743477C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2273500469.0000017434420000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: e=nssBadCert&u=https%3A//www.facebook.com/video&c=UTF-8&d=%20 equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000033.00000002.1888020329.0000024BF77A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: efox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.comNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDrive equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2272383937.0000017434484000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000032.00000003.2288293817.0000017434495000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2271431431.0000017434492000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2271431431.0000017434495000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C48000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/video equals www.facebook.com (Facebook)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/video! equals www.facebook.com (Facebook)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/video> equals www.facebook.com (Facebook)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/videoP equals www.facebook.com (Facebook)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/videop equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000032.00000003.1841801010.00001EEDE3B03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.comZ equals www.facebook.com (Facebook)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C48000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.linkedin.com/login equals www.linkedin.com (Linkedin)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.linkedin.com/login[i equals www.linkedin.com (Linkedin)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.linkedin.com/login_ equals www.linkedin.com (Linkedin)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C48000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000CBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com equals www.youtube.com (Youtube)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2161338280.0000017435182000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2286735878.0000017434FE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/# equals www.youtube.com (Youtube)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/7D. equals www.youtube.com (Youtube)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000C94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/E equals www.youtube.com (Youtube)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ls.k equals www.youtube.com (Youtube)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com2 equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2267014054.00000174347F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com9C$t equals www.youtube.com (Youtube)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com> equals www.youtube.com (Youtube)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comW equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2214596571.0000017438DA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https:www.youtube.com:443:.:^partitionKey=%28https%2Cyoutube.com%29:3 equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2282724194.000001743505E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https:www.youtube.com:443:www.youtube.com:443::n:1711125584:h3:n:1708533527:n:^partitionKey=%28https%2Cyoutube.com%29:|n:y: equals www.youtube.com (Youtube)
                  Source: firefox.exe, 0000002C.00000002.1529575192.000001E6B4D70000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002C.00000003.1524551394.000001E6B4D6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: s://www.facebook.com/video --attempting-deelevation equals www.facebook.com (Facebook)
                  Source: firefox.exe, 0000002A.00000003.1524762647.0000012EDE758000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002A.00000003.1524317566.0000012EDE74C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002A.00000002.1529534068.0000012EDE759000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: s://www.youtube.com --attempting-deelevationpID equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2288717124.00000174342CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2273905301.00000174342CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: tlsflags0x00000000:www.youtube.com:443^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: true;else if(stack.indexOf("trapProp")>=0&&stack.indexOf("trapChain")>=0)thirdPartyScript=true;else if(message.indexOf("redefine non-configurable")>=0)thirdPartyScript=true;var baseUrl=window["ytcfg"].get("EMERGENCY_BASE_URL","https://www.youtube.com/error_204?t=jserror&level=ERROR");var unsupported=message.indexOf("window.customElements is undefined")>=0;if(thirdPartyScript||unsupported)baseUrl=baseUrl.replace("level=ERROR","level=WARNING");var parts=[baseUrl];var key;for(key in values){var value= equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: var combinedLineAndColumn=err.lineNumber;if(!isNaN(err["columnNumber"]))combinedLineAndColumn=combinedLineAndColumn+(":"+err["columnNumber"]);var stack=err.stack||"";var values={"msg":message,"type":err.name,"client.params":"unhandled window error","file":err.fileName,"line":combinedLineAndColumn,"stack":stack.substr(0,500)};var thirdPartyScript=!err.fileName||err.fileName==="<anonymous>"||stack.indexOf("extension://")>=0;var replaced=stack.replace(/https:\/\/www.youtube.com\//g,"");if(replaced.match(/https?:\/\/[^/]+\//))thirdPartyScript= equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: window.polymerSkipLoadingFontRoboto = true;window.ShadyCSS = {disableRuntime: true};</script><link rel="shortcut icon" href="https://www.youtube.com/s/desktop/87423d78/img/favicon.ico" type="image/x-icon"><link rel="icon" href="https://www.youtube.com/s/desktop/87423d78/img/favicon_32x32.png" sizes="32x32"><link rel="icon" href="https://www.youtube.com/s/desktop/87423d78/img/favicon_48x48.png" sizes="48x48"><link rel="icon" href="https://www.youtube.com/s/desktop/87423d78/img/favicon_96x96.png" sizes="96x96"><link rel="icon" href="https://www.youtube.com/s/desktop/87423d78/img/favicon_144x144.png" sizes="144x144"><title>YouTube</title><link rel="canonical" href="https://www.youtube.com/"><link rel="alternate" media="handheld" href="https://m.youtube.com/"><link rel="alternate" media="only screen and (max-width: 640px)" href="https://m.youtube.com/"><meta property="og:image" content="https://www.youtube.com/img/desktop/yt_1200.png"><meta property="fb:app_id" content="87741124305"><link rel="alternate" href="android-app://com.google.android.youtube/http/www.youtube.com/"><link rel="alternate" href="ios-app://544007664/vnd.youtube/www.youtube.com/"><meta name="description" content="Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube."><meta name="keywords" content="video, sharing, camera phone, video phone, free, upload"><script nonce="ebaNv4SnOYIPkYhWeuH7aw">if ('undefined' == typeof Symbol || 'undefined' == typeof Symbol.iterator) {delete Array.prototype.entries;}</script><script nonce="ebaNv4SnOYIPkYhWeuH7aw">var ytcsi={gt:function(n){n=(n||"")+"data_";return ytcsi[n]||(ytcsi[n]={tick:{},info:{},gel:{preLoggedGelInfos:[]}})},now:window.performance&&window.performance.timing&&window.performance.now&&window.performance.timing.navigationStart?function(){return window.performance.timing.navigationStart+window.performance.now()}:function(){return(new Date).getTime()},tick:function(l,t,n){var ticks=ytcsi.gt(n).tick;var v=t||ytcsi.now();if(ticks[l]){ticks["_"+l]=ticks["_"+l]||[ticks[l]];ticks["_"+l].push(v)}ticks[l]= equals www.youtube.com (Youtube)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2286735878.0000017434FE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.facebook.com+f equals www.facebook.com (Facebook)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.facebook.com3f equals www.facebook.com (Facebook)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C48000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2259841751.000001743508D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2274339930.000001743428F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com:443 equals www.youtube.com (Youtube)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.youtube.comY equals www.youtube.com (Youtube)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.youtube.comi equals www.youtube.com (Youtube)
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.youtube.commMM equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2259841751.000001743507C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.comname equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2215738623.0000017438D58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.comtype equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.1830642290.00000174280FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1830642290.00000174280DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1830642290.00000174280D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000032.00000003.2260489323.0000017434FC3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xO^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/ equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2287898290.000001743496B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2287778296.0000017434972000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2266094784.000001743496B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xabout:certerror?e=nssBadCert&u=https%3A//www.facebook.com/video&c=UTF-8&d=%20 equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000032.00000003.2268953742.000001743477C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2273500469.0000017434420000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xe=nssBadCert&u=https%3A//www.facebook.com/video&c=UTF-8&d=%20 equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000032.00000003.1850764877.0000017424A24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xhttps://www.facebook.com/video equals www.facebook.com (Facebook)
                  Source: firefox.exe, 00000032.00000003.2260489323.0000017434FC3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xhttps://www.youtube.com equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2214596571.0000017438DA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xhttps:www.youtube.com:443:.:^partitionKey=%28https%2Cyoutube.com%29:3 equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.2288717124.00000174342CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2273905301.00000174342CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xtlsflags0x00000000:www.youtube.com:443^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
                  Source: firefox.exe, 00000032.00000003.1846392141.0000017425CAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.00000000062BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.00000000062BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/6122658-3693405117-2476756634-1003
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.00000000062A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/:
                  Source: RageMP131.exe, 00000011.00000002.1601590165.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.00000000013A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/fu.exe
                  Source: MPGPH131.exe, 0000000C.00000002.2127088659.000000000638F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/fu.exe/
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.00000000014BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/fu.exe9
                  Source: MPGPH131.exe, 0000000C.00000002.2127088659.000000000638F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/fu.exeQD
                  Source: MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/fu.exeZ
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.00000000062AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1430120842.00000000062AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/fu.exeg
                  Source: MPGPH131.exe, 0000000C.00000002.2127904553.000000000643C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/fu.exeger
                  Source: RageMP131.exe, 0000001C.00000002.1774965643.00000000013A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/fu.exeo
                  Source: RageMP131.exe, 00000011.00000002.1601590165.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.00000000013A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exe
                  Source: MPGPH131.exe, 0000000C.00000002.2128548799.000000000651C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exeC:
                  Source: MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exeD
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.00000000062BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exeb
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000000FAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exeu.exe
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.0000000001542000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/ladas.exev
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000002.2128548799.000000000651C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000002.2108579496.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1663748359.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1638528608.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1674302945.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1644631400.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000011.00000002.1601590165.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/niks.exe
                  Source: MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/niks.exeBuild:
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.00000000062BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/niks.exeC
                  Source: RageMP131.exe, 00000011.00000002.1601590165.00000000013EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/niks.exeK
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.00000000062BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/cost/niks.exeQ
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.00000000062BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/ferences.SourceAumid03p
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1430120842.00000000062AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1430120842.000000000627B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1430120842.00000000062BB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000002.2128548799.000000000651C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000002.2108579496.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000011.00000002.1601590165.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.00000000013A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exe
                  Source: MPGPH131.exe, 0000000C.00000002.2128548799.000000000651C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exe;
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.00000000062BB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1430120842.00000000062BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exeI
                  Source: MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exeO
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1430120842.00000000062AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exeespace
                  Source: RageMP131.exe, 0000001C.00000002.1774965643.00000000013A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exef
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1430120842.00000000062BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exeg
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1430120842.000000000627B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exeheidiP2OuO4KF0LZU
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1430120842.00000000062BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exel
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1430120842.000000000627B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exen
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.00000000062BB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1510893343.00000000062D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1456591067.00000000062CE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1430120842.00000000062BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/amert.exev
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.00000000062BB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000002.2128548799.000000000651C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000002.2108579496.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1663748359.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1638528608.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1674302945.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1644631400.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000011.00000002.1601590165.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.00000000013A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/plaza.exe
                  Source: RageMP131.exe, 0000001C.00000002.1774965643.00000000013A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/plaza.exe&p
                  Source: MPGPH131.exe, 0000000C.00000002.2128548799.000000000651C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/plaza.exe0
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.00000000062BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/plaza.exe32
                  Source: MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/plaza.exe9
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.0000000006279000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/plaza.exeEdgeMS131.exe
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.00000000014BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/plaza.exeF
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1663748359.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1638528608.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1674302945.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1644631400.0000000000FC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.46/mine/plaza.exex=52
                  Source: firefox.exe, 00000032.00000003.2272383937.0000017434484000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
                  Source: firefox.exe, 00000032.00000003.2272383937.0000017434484000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
                  Source: firefox.exe, 00000032.00000003.2272383937.0000017434484000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
                  Source: firefox.exe, 00000032.00000003.2272383937.0000017434484000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                  Source: firefox.exe, 00000032.00000003.1838652851.000001742327D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1750927961.000001742327D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
                  Source: firefox.exe, 00000032.00000003.2290220869.000001743ABDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2299659519.000001743ABE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1849201311.0000017424A89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
                  Source: MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mP
                  Source: firefox.exe, 00000032.00000003.2187650445.000001743A068000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2191545548.000001743A068000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2212339323.0000017438EE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2257114144.0000017438EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.pki.goog/gsr1/gsr1.crl0;
                  Source: firefox.exe, 00000032.00000003.2196571926.000001743A075000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2187650445.000001743A075000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2196571926.000001743A073000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2187650445.000001743A071000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2212699060.0000017438E9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2191545548.000001743A071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.pki.goog/gtsr1/gtsr1.crl0W
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                  Source: firefox.exe, 00000032.00000003.2282724194.0000017435058000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crls.pki.goog/gts1c3/fVJxbV-Ktmk.crl0
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                  Source: firefox.exe, 00000035.00000003.3156576444.000001E277769000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
                  Source: firefox.exe, 00000035.00000003.3151211279.000001E27A2ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
                  Source: firefox.exe, 00000035.00000002.3774258456.000001E269703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
                  Source: firefox.exe, 00000035.00000002.3791279303.000001E275378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.htmlACTIVITY_SUBTYPE_REQUEST_BODY_SENTforgetClosedWindowBy
                  Source: firefox.exe, 00000032.00000003.1791439375.0000017428C8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
                  Source: firefox.exe, 00000032.00000003.1791439375.0000017428C8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
                  Source: firefox.exe, 00000032.00000003.1764719406.000001742B0C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1814914085.000001742B0A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1789346532.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1795778069.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3786258249.000001E274E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
                  Source: firefox.exe, 00000035.00000002.3802298096.000001E276650000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListenerFailed
                  Source: firefox.exe, 00000032.00000003.1764719406.000001742B0C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1814914085.000001742B0A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1789346532.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1795778069.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3786258249.000001E274E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
                  Source: firefox.exe, 00000035.00000002.3802298096.000001E276650000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListenerThe
                  Source: firefox.exe, 00000035.00000002.3783173868.000001E274D8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/common
                  Source: firefox.exe, 00000032.00000003.1859888127.0000017422C5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/dates-and-times
                  Source: firefox.exe, 00000035.00000002.3783173868.000001E274D5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/dates-and-timesTpi
                  Source: firefox.exe, 00000035.00000002.3783173868.000001E274D8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/math
                  Source: firefox.exe, 00000032.00000003.1859888127.0000017422C5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3783173868.000001E274D5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/regular-expressions
                  Source: firefox.exe, 00000035.00000002.3783173868.000001E274D8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/sets
                  Source: firefox.exe, 00000035.00000002.3774258456.000001E269703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/strings
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://fontfabrik.com
                  Source: firefox.exe, 00000032.00000003.2264876442.0000017434993000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-04/schema#
                  Source: firefox.exe, 00000032.00000003.2264876442.0000017434993000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-06/schema#
                  Source: firefox.exe, 00000032.00000003.2264876442.0000017434993000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-07/schema#-
                  Source: firefox.exe, 00000032.00000003.2289022638.0000017434277000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changes
                  Source: firefox.exe, 00000032.00000003.2264876442.0000017434993000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
                  Source: firefox.exe, 00000032.00000003.2237183415.00000174382EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2234440179.0000017439F45000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2232443492.0000017439F39000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2083334009.0000017428651000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1878563274.000001742709E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2234440179.0000017439F50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1793795088.0000017427273000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2154637349.00000174351A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1878563274.00000174270BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2287898290.000001743496B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1880702973.00000174270A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2161338280.00000174351A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2153977474.0000017438251000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2160181479.0000017438251000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2161338280.00000174351B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1767695521.000001742B039000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1818096428.000001742A4D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1782404591.0000017429F81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1759860046.0000017427253000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1775444029.000001742A4D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1681326701.0000017425632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                  Source: firefox.exe, 00000032.00000003.2267014054.00000174347F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2273576371.00000174342EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.goog
                  Source: firefox.exe, 00000032.00000003.2259841751.000001743508D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.goog/
                  Source: firefox.exe, 00000032.00000003.2187650445.000001743A068000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2191545548.000001743A068000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2212339323.0000017438EE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2257114144.0000017438EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.goog/gsr10)
                  Source: firefox.exe, 00000032.00000003.2267676779.00000174347C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.goog/gts1c3
                  Source: firefox.exe, 00000032.00000003.2282724194.0000017435058000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.goog/gts1c301
                  Source: firefox.exe, 00000032.00000003.2196571926.000001743A075000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2187650445.000001743A075000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2196571926.000001743A073000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2187650445.000001743A071000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2212699060.0000017438E9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2191545548.000001743A071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.goog/gtsr100
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                  Source: firefox.exe, 00000032.00000003.2187650445.000001743A068000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2191545548.000001743A068000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2212339323.0000017438EE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2257114144.0000017438EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pki.goog/gsr1/gsr1.crt02
                  Source: firefox.exe, 00000032.00000003.2282724194.0000017435058000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pki.goog/repo/certs/gts1c3.der0
                  Source: firefox.exe, 00000032.00000003.2196571926.000001743A075000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2187650445.000001743A075000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2196571926.000001743A073000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2187650445.000001743A071000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2212699060.0000017438E9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2191545548.000001743A071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pki.goog/repo/certs/gtsr1.der04
                  Source: firefox.exe, 00000032.00000003.1838652851.000001742327D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1750927961.000001742327D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
                  Source: firefox.exe, 00000032.00000003.2290220869.000001743ABDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2299659519.000001743ABE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1849201311.0000017424A89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
                  Source: firefox.exe, 00000032.00000003.2270231029.00000174344E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2267676779.00000174347B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0
                  Source: firefox.exe, 00000032.00000003.2270231029.00000174344E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0.
                  Source: firefox.exe, 00000032.00000003.2270231029.00000174344E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2267676779.00000174347B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
                  Source: firefox.exe, 00000032.00000003.2214596571.0000017438DA6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2215738623.0000017438D58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://support.google.com/accounts/answer/151657?hl=en
                  Source: firefox.exe, 00000032.00000003.1838652851.000001742327D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1750927961.000001742327D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
                  Source: firefox.exe, 00000032.00000003.2290220869.000001743ABDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2299659519.000001743ABE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1849201311.0000017424A89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.carterandcone.coml
                  Source: firefox.exe, 00000035.00000002.3794518950.000001E275B0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.fontbureau.com
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmp, firefox.exe, 00000035.00000003.2337853587.000001E2755DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
                  Source: firefox.exe, 00000035.00000002.3794518950.000001E275B0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.fonts.com
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.goodfont.co.kr
                  Source: firefox.exe, 00000032.00000003.1838652851.000001742327D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1750927961.000001742327D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
                  Source: firefox.exe, 00000032.00000003.2290220869.000001743ABDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2299659519.000001743ABE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1849201311.0000017424A89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                  Source: firefox.exe, 00000035.00000003.2341934345.000001E2755DD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000035.00000003.2344140316.000001E2755E1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000035.00000003.2342841693.000001E2755DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.monotype.
                  Source: firefox.exe, 00000032.00000003.2272383937.0000017434484000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2006/browser/search/
                  Source: firefox.exe, 00000035.00000002.3828337031.000001E2779BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000003.1742525526.000001E277A2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
                  Source: firefox.exe, 00000032.00000003.1782756133.0000017429F68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul%
                  Source: firefox.exe, 00000035.00000003.1756431594.000001E2750B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3789004997.000001E2750A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul4e
                  Source: firefox.exe, 00000032.00000003.1834048744.00000174277A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1782756133.0000017429F68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
                  Source: firefox.exe, 00000035.00000002.3791279303.000001E275303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulMozElements.MozElementMixin/parseXULToF
                  Source: firefox.exe, 00000035.00000002.3791279303.000001E275303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulPersisting
                  Source: firefox.exe, 00000035.00000003.1756431594.000001E2750B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3789004997.000001E2750A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulQj
                  Source: firefox.exe, 00000035.00000002.3791279303.000001E275303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulXULStore:
                  Source: firefox.exe, 00000035.00000002.3791279303.000001E275303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulhttp://www.mozilla.org/keymaster/gateke
                  Source: firefox.exe, 00000035.00000002.3791279303.000001E275303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource://gre/modules/PrivateBrowsingU
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.sajatypeworks.com
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.sakkal.com
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.sandoll.co.kr
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.tiro.com
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.typography.netD
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1238312051.00000000052B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 0000000B.00000003.1291671005.0000000004F20000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000002.3747761601.00000000000F1000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 0000000C.00000002.2102984321.00000000000F1000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 0000000C.00000003.1294616369.0000000004C50000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000011.00000002.1598643514.0000000000841000.00000040.00000001.01000000.00000007.sdmp, RageMP131.exe, 00000011.00000003.1394674409.00000000050F0000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1767901365.0000000000841000.00000040.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
                  Source: firefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                  Source: firefox.exe, 00000032.00000003.2270231029.00000174344E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2267676779.00000174347B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                  Source: firefox.exe, 00000032.00000003.2270231029.00000174344E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2267676779.00000174347B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                  Source: firefox.exe, 00000032.00000003.2271431431.0000017434492000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1592714878.0000017427000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1593688157.000001742565A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1594026480.0000017425677000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1593417006.000001742563C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1324930275.00000000062BB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1317346712.000000000626D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1320066554.00000000062A2000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1414490747.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1360612236.0000000006042000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1399235285.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1412211859.0000000005D80000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1402479545.0000000005D58000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1424928165.0000000005D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
                  Source: firefox.exe, 00000035.00000002.3774258456.000001E269703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3774258456.000001E269768000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2268953742.000001743477C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/:
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/b
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/m
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com7E.
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3758093365.0000000000A40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000030.00000002.1579684304.000001D260290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.comC:
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.comI
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000C94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.comL
                  Source: firefox.exe, 00000035.00000002.3774258456.000001E269703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.comMOZ_CRASHREPORTER_RESTART_ARG_2=--attempting-deelevation
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.comU
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.comeo
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.comhenb
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.comin7
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.comoE
                  Source: firefox.exe, 00000030.00000002.1579684304.000001D260290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.comz
                  Source: firefox.exe, 00000032.00000003.2263489873.00000174349E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/
                  Source: firefox.exe, 00000032.00000003.2279429406.0000017439D40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2256432371.0000017439D2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2252324616.000001743A6C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/static-server/
                  Source: firefox.exe, 00000032.00000003.2252324616.000001743A6C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/static-server/;
                  Source: firefox.exe, 00000032.00000003.2279429406.0000017439D40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2256432371.0000017439D2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2252324616.000001743A6C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/user-media/;
                  Source: firefox.exe, 00000032.00000003.1848116032.0000017424AE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org0#
                  Source: firefox.exe, 00000032.00000003.1830642290.00000174280FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2273788735.00000174342DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1830642290.00000174280DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1830642290.00000174280D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
                  Source: firefox.exe, 00000032.00000003.2206071536.0000017439E35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com
                  Source: firefox.exe, 00000032.00000003.2185665217.000001743A53D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://audiomack.com/4shootersonly
                  Source: firefox.exe, 00000035.00000002.3774258456.000001E26970D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
                  Source: firefox.exe, 00000032.00000003.1857910160.0000017422CB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1846703633.0000017425C91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
                  Source: firefox.exe, 00000032.00000003.1857910160.0000017422CB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1846703633.0000017425C91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
                  Source: firefox.exe, 00000032.00000003.2214596571.0000017438DC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
                  Source: firefox.exe, 00000032.00000003.2176150922.0000017435468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197590493.000001743A263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197476590.000001743A263000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
                  Source: firefox.exe, 00000032.00000003.2176150922.0000017435468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197590493.000001743A263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197476590.000001743A263000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
                  Source: firefox.exe, 00000032.00000003.2176150922.0000017435468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197590493.000001743A263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197476590.000001743A263000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
                  Source: firefox.exe, 00000032.00000003.2176150922.0000017435468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197590493.000001743A263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197476590.000001743A263000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
                  Source: firefox.exe, 00000032.00000003.2176150922.0000017435468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197590493.000001743A263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197476590.000001743A263000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
                  Source: firefox.exe, 00000032.00000003.2176150922.0000017435468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197590493.000001743A263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197476590.000001743A263000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
                  Source: firefox.exe, 00000032.00000003.2176150922.0000017435468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197590493.000001743A263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197476590.000001743A263000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
                  Source: firefox.exe, 00000032.00000003.2176150922.0000017435468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
                  Source: firefox.exe, 00000032.00000003.2176150922.0000017435468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197590493.000001743A263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197476590.000001743A263000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
                  Source: firefox.exe, 00000032.00000003.2176150922.0000017435468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197590493.000001743A263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2197476590.000001743A263000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1324930275.00000000062BB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1317346712.000000000626D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1320066554.00000000062A2000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1414490747.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1360612236.0000000006042000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1399235285.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1412211859.0000000005D80000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1402479545.0000000005D58000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1424928165.0000000005D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1324930275.00000000062BB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1317346712.000000000626D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1320066554.00000000062A2000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1414490747.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1360612236.0000000006042000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1399235285.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1412211859.0000000005D80000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1402479545.0000000005D58000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1424928165.0000000005D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1324930275.00000000062BB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1317346712.000000000626D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1320066554.00000000062A2000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1414490747.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1360612236.0000000006042000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1399235285.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1412211859.0000000005D80000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1402479545.0000000005D58000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1424928165.0000000005D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: firefox.exe, 00000032.00000003.1593181260.000001742561F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1592714878.0000017427000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1593688157.000001742565A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1594026480.0000017425677000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1593417006.000001742563C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
                  Source: firefox.exe, 00000032.00000003.2283125007.000001743426F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2300774953.000001743AE81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2297842142.000001743AE85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2289022638.0000017434267000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.
                  Source: firefox.exe, 00000032.00000003.1857910160.0000017422CB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
                  Source: firefox.exe, 00000032.00000003.1857910160.0000017422CB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1846703633.0000017425C91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                  Source: firefox.exe, 00000032.00000003.2272383937.000001743443F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
                  Source: firefox.exe, 00000035.00000002.3774258456.000001E26970D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crash-reports.mozilla.com/submit?id=
                  Source: firefox.exe, 00000032.00000003.2215738623.0000017438D58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2282724194.000001743505E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/youtube_main
                  Source: firefox.exe, 00000032.00000003.1764719406.000001742B0C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1814914085.000001742B0A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
                  Source: firefox.exe, 00000032.00000003.1789346532.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1795778069.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000003.1761756857.000001E27A2AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3845500765.000001E27A2A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
                  Source: firefox.exe, 00000035.00000002.3802298096.000001E276650000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabPlease
                  Source: firefox.exe, 00000035.00000002.3845500765.000001E27A2A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
                  Source: firefox.exe, 00000035.00000002.3802298096.000001E276650000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureOffscreenCanvas.toBlob()
                  Source: firefox.exe, 00000035.00000002.3802298096.000001E276650000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureRequest
                  Source: firefox.exe, 00000032.00000003.1764719406.000001742B0C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1814914085.000001742B0A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
                  Source: firefox.exe, 00000035.00000003.1761756857.000001E27A2AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3845500765.000001E27A2A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
                  Source: firefox.exe, 00000035.00000002.3802298096.000001E276650000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureInstallTrigger.install()
                  Source: firefox.exe, 00000032.00000003.1764719406.000001742B0C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1814914085.000001742B0A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
                  Source: firefox.exe, 00000032.00000003.1789346532.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1795778069.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000003.1761756857.000001E27A2AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3845500765.000001E27A2A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
                  Source: firefox.exe, 00000035.00000002.3802298096.000001E276650000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryptiondocument.requestSto
                  Source: firefox.exe, 00000032.00000003.1764719406.000001742B0C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1814914085.000001742B0A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
                  Source: firefox.exe, 00000032.00000003.1789346532.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1795778069.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3786258249.000001E274E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
                  Source: firefox.exe, 00000035.00000002.3802298096.000001E276650000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingTrying
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com
                  Source: firefox.exe, 00000032.00000003.2272383937.0000017434484000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1593417006.000001742563C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
                  Source: firefox.exe, 00000032.00000003.2270231029.00000174344E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1324930275.00000000062BB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1317346712.000000000626D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1320066554.00000000062A2000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1414490747.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1360612236.0000000006042000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1399235285.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1412211859.0000000005D80000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1402479545.0000000005D58000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1424928165.0000000005D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1324930275.00000000062BB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1317346712.000000000626D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1320066554.00000000062A2000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1414490747.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1360612236.0000000006042000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1399235285.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1412211859.0000000005D80000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1402479545.0000000005D58000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1424928165.0000000005D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1324930275.00000000062BB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1317346712.000000000626D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1320066554.00000000062A2000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1414490747.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1360612236.0000000006042000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1399235285.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1412211859.0000000005D80000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1402479545.0000000005D58000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1424928165.0000000005D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: firefox.exe, 00000032.00000003.1838652851.000001742327D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1883917437.00000174243DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1875549382.00000174243DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1848913495.0000017424A9C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2290220869.000001743ABD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1750927961.000001742327D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1704192733.00000174243DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1862494564.00000174243E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1682388555.00000174243DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
                  Source: firefox.exe, 00000032.00000003.2290220869.000001743ABDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2299659519.000001743ABE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1849201311.0000017424A89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
                  Source: firefox.exe, 00000032.00000003.2290220869.000001743ABDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2299659519.000001743ABE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1849201311.0000017424A89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
                  Source: firefox.exe, 00000032.00000003.1883917437.00000174243DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1875549382.00000174243DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1848913495.0000017424A9C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2290220869.000001743ABD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1704192733.00000174243DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1862494564.00000174243E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1682388555.00000174243DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
                  Source: firefox.exe, 00000032.00000003.1764719406.000001742B0C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1814914085.000001742B0A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000003.1761756857.000001E27A2AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3845500765.000001E27A2A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
                  Source: firefox.exe, 00000035.00000002.3802298096.000001E276650000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/initMouseEvent()
                  Source: firefox.exe, 00000032.00000003.2184749321.000001743A5E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2275095437.000001743A5DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fanlink.to/lofigirl-music
                  Source: firefox.exe, 00000032.00000003.2184749321.000001743A5E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2275095437.000001743A5DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fanlink.to/lofigirl-social
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
                  Source: firefox.exe, 00000032.00000003.2289022638.0000017434277000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/
                  Source: firefox.exe, 00000032.00000003.1993303322.000001742F967000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1989908357.000001742F96A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
                  Source: firefox.exe, 00000032.00000003.1995380226.000001742F992000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1991114320.000001742F97F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1989908357.000001742F976000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1989908357.000001742F96A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1993303322.000001742F93D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1989908357.000001742F979000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1992800789.000001742F982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
                  Source: firefox.exe, 00000032.00000003.1993303322.000001742F967000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
                  Source: firefox.exe, 00000032.00000003.1775444029.000001742A4EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1818096428.000001742A4EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3795741643.000001E275BF0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
                  Source: firefox.exe, 00000032.00000003.2204220486.0000017439EE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
                  Source: firefox.exe, 00000032.00000003.2204220486.0000017439EE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
                  Source: firefox.exe, 00000035.00000002.3781070788.000001E274CBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000003.1760523729.000001E274CBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1
                  Source: firefox.exe, 00000032.00000003.2267676779.00000174347B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2289022638.0000017434277000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/
                  Source: firefox.exe, 00000032.00000003.2266094784.000001743496B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/gfx?_expected=169273
                  Source: firefox.exe, 00000032.00000003.2205395375.0000017439E47000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
                  Source: firefox.exe, 00000032.00000003.2239210272.000001743A0F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2195500481.000001743A0F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2254264146.000001743A0F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2211654709.000001743A0F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/whats-new-panel/changeset?
                  Source: firefox.exe, 00000032.00000003.2267676779.00000174347E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
                  Source: firefox.exe, 00000032.00000003.2288717124.00000174342C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2273905301.00000174342BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2259841751.0000017435086000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2282724194.000001743505E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?colle
                  Source: firefox.exe, 00000035.00000002.3791279303.000001E275303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1sessionstore-restoring-on-startup
                  Source: firefox.exe, 00000032.00000003.2266094784.000001743496B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
                  Source: firefox.exe, 00000032.00000003.2272383937.000001743443F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
                  Source: firefox.exe, 00000032.00000003.2272383937.000001743443F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
                  Source: firefox.exe, 00000032.00000003.2272383937.000001743443F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
                  Source: firefox.exe, 00000032.00000003.2272383937.000001743443F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
                  Source: firefox.exe, 00000032.00000003.2272383937.000001743443F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
                  Source: firefox.exe, 00000032.00000003.2272383937.000001743443F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
                  Source: firefox.exe, 00000032.00000003.2272383937.000001743443F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
                  Source: firefox.exe, 00000032.00000003.2272383937.000001743443F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
                  Source: firefox.exe, 00000032.00000003.2272383937.000001743443F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
                  Source: firefox.exe, 00000032.00000003.2289022638.0000017434277000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Kinto/kinto-attachment/
                  Source: firefox.exe, 00000032.00000003.1593181260.000001742561F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1592714878.0000017427000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1593688157.000001742565A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1594026480.0000017425677000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1593417006.000001742563C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
                  Source: firefox.exe, 00000032.00000003.2287898290.0000017434946000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
                  Source: firefox.exe, 00000032.00000003.2266094784.000001743496B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1846703633.0000017425C91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com
                  Source: firefox.exe, 00000035.00000002.3791279303.000001E275303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3774258456.000001E269703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3781070788.000001E274CBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000003.1760523729.000001E274CBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
                  Source: firefox.exe, 00000035.00000002.3791279303.000001E275303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881validate
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2274339930.0000017434299000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ytimg.com/generate_204
                  Source: firefox.exe, 00000032.00000003.2186760413.000001743A14D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ytimg.com/vi/B2HfbSBv0ao/frame0.jpg
                  Source: firefox.exe, 00000032.00000003.2186760413.000001743A14D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ytimg.com/vi/B2HfbSBv0ao/oar2.jpg?sqp=-oaymwEdCJUDENAFSFWQAgHyq4qpAwwIARUAAIhCcAHAAQY=
                  Source: firefox.exe, 00000032.00000003.2186760413.000001743A14D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ytimg.com/vi/LFnj8xKcrOQ/frame0.jpg
                  Source: firefox.exe, 00000032.00000003.2186760413.000001743A14D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ytimg.com/vi/LFnj8xKcrOQ/oar2.jpg?sqp=-oaymwEdCJUDENAFSFWQAgHyq4qpAwwIARUAAIhCcAHAAQY=
                  Source: firefox.exe, 00000032.00000003.2186760413.000001743A14D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ytimg.com/vi/h0I10UmFijY/frame0.jpg
                  Source: firefox.exe, 00000032.00000003.2186760413.000001743A14D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ytimg.com/vi/h0I10UmFijY/hq720.jpg?sqp=-oaymwEdCJUDENAFSFXyq4qpAw8IARUAAIhCcAHAAQbQAQE=
                  Source: firefox.exe, 00000032.00000003.2186760413.000001743A123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ytimg.com/vi/iZvzF01dC1o/frame0.jpg
                  Source: firefox.exe, 00000032.00000003.2186760413.000001743A123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ytimg.com/vi/iZvzF01dC1o/hq720.jpg?sqp=-oaymwEdCJUDENAFSFXyq4qpAw8IARUAAIhCcAHAAQbQAQE=
                  Source: firefox.exe, 00000032.00000003.2186760413.000001743A14D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ytimg.com/vi/v5vbPTRoc4U/frame0.jpg
                  Source: firefox.exe, 00000032.00000003.2186760413.000001743A14D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.ytimg.com/vi/v5vbPTRoc4U/oar2.jpg?sqp=-oaymwEdCJUDENAFSFWQAgHyq4qpAwwIARUAAIhCcAHAAQY=
                  Source: firefox.exe, 00000032.00000003.2174843720.0000017438EEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2212339323.0000017438EEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/relay
                  Source: firefox.exe, 00000032.00000003.2273500469.0000017434420000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
                  Source: firefox.exe, 00000032.00000003.2259841751.000001743508D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
                  Source: firefox.exe, 00000032.00000003.2273576371.00000174342E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/3e6f0371-71b6-4f22-a51b-cd59a
                  Source: RageMP131.exe, 00000011.00000002.1601590165.000000000137E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000011.00000002.1601590165.00000000013E7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000011.00000002.1601590165.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.000000000132B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.00000000013A0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.0000000001380000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000000F5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/5E
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000002.3766658918.0000000001209000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000002.2108579496.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000011.00000002.1601590165.00000000013E7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.0000000001380000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/Mozilla/5.0
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1238312051.00000000052B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 0000000B.00000003.1291671005.0000000004F20000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000002.3747761601.00000000000F1000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 0000000C.00000002.2102984321.00000000000F1000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 0000000C.00000003.1294616369.0000000004C50000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000011.00000002.1598643514.0000000000841000.00000040.00000001.01000000.00000007.sdmp, RageMP131.exe, 00000011.00000003.1394674409.00000000050F0000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1767901365.0000000000841000.00000040.00000001.01000000.00000007.sdmpString found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.00000000014A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/l
                  Source: MPGPH131.exe, 0000000B.00000002.3766658918.00000000011AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/p
                  Source: RageMP131.exe, 00000011.00000002.1601590165.00000000013B1000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/widget/demo/191.96.227.222
                  Source: RageMP131.exe, 0000001C.00000002.1774965643.0000000001380000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/widget/demo/191.96.227.2224q
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000000FAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/widget/demo/191.96.227.222CF
                  Source: RageMP131.exe, 0000001C.00000002.1774965643.000000000135E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/widget/demo/191.96.227.222PsR=
                  Source: MPGPH131.exe, 0000000B.00000002.3766658918.00000000011DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/widget/demo/191.96.227.222t
                  Source: RageMP131.exe, 0000001C.00000002.1774965643.000000000132B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/x
                  Source: MPGPH131.exe, 0000000B.00000002.3766658918.0000000001209000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000002.2108579496.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.000000000132B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io:443/widget/demo/191.96.227.222
                  Source: RageMP131.exe, 00000011.00000002.1601590165.000000000137E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io:443/widget/demo/191.96.227.222J
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.00000000014BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io:443/widget/demo/191.96.227.222L
                  Source: firefox.exe, 00000032.00000003.2272383937.0000017434476000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
                  Source: firefox.exe, 00000032.00000003.2264876442.0000017434993000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema.
                  Source: firefox.exe, 00000032.00000003.2264876442.0000017434993000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema./
                  Source: firefox.exe, 00000032.00000003.2264876442.0000017434993000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/
                  Source: firefox.exe, 00000032.00000003.2264876442.0000017434993000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
                  Source: firefox.exe, 00000032.00000003.1842642659.00000174277DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
                  Source: firefox.exe, 00000032.00000003.2212699060.0000017438E8F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2212699060.0000017438E9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1833996891.00000174277B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1828609198.00000174285E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
                  Source: firefox.exe, 00000032.00000003.1841801010.00001EEDE3B03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
                  Source: firefox.exe, 00000032.00000003.1841801010.00001EEDE3B03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.comZ
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m.youtube.com/
                  Source: firefox.exe, 00000032.00000003.1883917437.00000174243DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1875549382.00000174243DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1848913495.0000017424A9C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2290220869.000001743ABD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1704192733.00000174243DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1862494564.00000174243E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1682388555.00000174243DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
                  Source: firefox.exe, 00000032.00000003.1838652851.000001742327D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1883917437.00000174243DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1875549382.00000174243DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1848913495.0000017424A9C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2290220869.000001743ABD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1750927961.000001742327D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1704192733.00000174243DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1862494564.00000174243E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1682388555.00000174243DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
                  Source: firefox.exe, 00000032.00000003.2290220869.000001743ABDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2299659519.000001743ABE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1849201311.0000017424A89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%sv
                  Source: firefox.exe, 00000032.00000003.1838652851.000001742327D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1883917437.00000174243DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1875549382.00000174243DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1848913495.0000017424A9C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2290220869.000001743ABD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1750927961.000001742327D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1704192733.00000174243DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1862494564.00000174243E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1682388555.00000174243DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
                  Source: firefox.exe, 00000032.00000003.2290220869.000001743ABDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2299659519.000001743ABE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1849201311.0000017424A89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
                  Source: firefox.exe, 00000035.00000002.3774258456.000001E2697D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
                  Source: firefox.exe, 00000032.00000003.2264382163.00000174349CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
                  Source: firefox.exe, 00000032.00000003.2161338280.0000017435197000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mochitest.youtube.com/
                  Source: firefox.exe, 00000032.00000003.1854590870.00000174235F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
                  Source: firefox.exe, 00000032.00000003.2264382163.00000174349CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/
                  Source: firefox.exe, 00000032.00000003.1883917437.00000174243DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1875549382.00000174243DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1848913495.0000017424A9C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2290220869.000001743ABD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1704192733.00000174243DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1862494564.00000174243E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1682388555.00000174243DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
                  Source: firefox.exe, 00000032.00000003.2196571926.000001743A075000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2187650445.000001743A075000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2196571926.000001743A073000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2187650445.000001743A071000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2212699060.0000017438E9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2191545548.000001743A071000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pki.goog/repository/0
                  Source: firefox.exe, 00000032.00000003.2151688142.0000017435197000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2154637349.0000017435197000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2161338280.0000017435197000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://play.hbomax.com/page/
                  Source: firefox.exe, 00000032.00000003.2151688142.0000017435197000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2154637349.0000017435197000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2161338280.0000017435197000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://play.hbomax.com/player/
                  Source: firefox.exe, 00000032.00000003.1838652851.000001742327D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1883917437.00000174243DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1875549382.00000174243DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1848913495.0000017424A9C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2290220869.000001743ABD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1750927961.000001742327D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1704192733.00000174243DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1862494564.00000174243E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1682388555.00000174243DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
                  Source: firefox.exe, 00000032.00000003.2290220869.000001743ABDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2299659519.000001743ABE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1849201311.0000017424A89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
                  Source: firefox.exe, 00000032.00000003.1849372556.0000017424A62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
                  Source: firefox.exe, 00000032.00000003.2266094784.000001743496B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com
                  Source: firefox.exe, 00000032.00000003.2264876442.000001743498C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
                  Source: firefox.exe, 00000032.00000003.2288717124.00000174342C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2273905301.00000174342BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
                  Source: firefox.exe, 00000032.00000003.2289022638.0000017434277000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-settings.readthedocs.io
                  Source: firefox.exe, 00000032.00000003.2186760413.000001743A14D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rr1---sn-p5qlsn7l.googlevideo.com/initplayback?source=youtube
                  Source: firefox.exe, 00000032.00000003.2186760413.000001743A14D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rr2---sn-p5qlsny6.googlevideo.com/initplayback?source=youtube
                  Source: firefox.exe, 00000032.00000003.2186760413.000001743A123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rr3---sn-p5qlsndk.googlevideo.com/initplayback?source=youtube
                  Source: firefox.exe, 00000032.00000003.2275095437.000001743A5DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rr4---sn-p5qddn7r.googlevideo.com/initplayback?source=youtube
                  Source: firefox.exe, 00000032.00000003.2186760413.000001743A14D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rr4---sn-p5qlsndr.googlevideo.com/initplayback?source=youtube
                  Source: firefox.exe, 00000032.00000003.2186760413.000001743A123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rr4---sn-p5qs7n6d.googlevideo.com/initplayback?source=youtube
                  Source: firefox.exe, 00000032.00000003.2185665217.000001743A53D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rr5---sn-p5qlsndz.googlevideo.com/initplayback?source=youtube
                  Source: firefox.exe, 00000032.00000003.1848116032.0000017424AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
                  Source: firefox.exe, 00000032.00000003.1593417006.000001742563C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
                  Source: firefox.exe, 00000032.00000003.2267014054.00000174347F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org
                  Source: firefox.exe, 00000032.00000003.2273905301.00000174342BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-
                  Source: firefox.exe, 00000032.00000003.2186760413.000001743A123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/view/sources-nuclear-winter
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
                  Source: firefox.exe, 00000032.00000003.2272383937.000001743443F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#
                  Source: firefox.exe, 00000032.00000003.2272383937.000001743443F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#l
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
                  Source: firefox.exe, 00000032.00000003.1830642290.00000174280FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2273788735.00000174342DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2139801775.000001743806E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
                  Source: firefox.exe, 00000032.00000003.1830642290.00000174280FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2273788735.00000174342DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2139801775.000001743806E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1830642290.00000174280DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1830642290.00000174280D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
                  Source: firefox.exe, 00000032.00000003.1848116032.0000017424AC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2206071536.0000017439E35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
                  Source: firefox.exe, 00000032.00000003.2266094784.000001743496B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/
                  Source: firefox.exe, 00000032.00000003.1993303322.000001742F967000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
                  Source: firefox.exe, 00000032.00000003.1993303322.000001742F967000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
                  Source: firefox.exe, 00000032.00000003.1775444029.000001742A42B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
                  Source: firefox.exe, 00000032.00000003.2281663425.00000174380BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2257756030.00000174380BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
                  Source: firefox.exe, 00000035.00000002.3791279303.000001E275303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3825000542.000001E27775F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
                  Source: firefox.exe, 00000032.00000003.2191545548.000001743A09B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                  Source: firefox.exe, 00000032.00000003.1814914085.000001742B0A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
                  Source: firefox.exe, 00000032.00000003.1789346532.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1795778069.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3786258249.000001E274E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
                  Source: firefox.exe, 00000032.00000003.1789346532.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1795778069.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3786258249.000001E274E97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
                  Source: firefox.exe, 00000035.00000002.3802298096.000001E276650000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsThe
                  Source: firefox.exe, 00000035.00000002.3802298096.000001E276650000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsUse
                  Source: firefox.exe, 00000032.00000003.1936036582.0000017423162000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
                  Source: firefox.exe, 00000032.00000003.2191545548.000001743A09B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1663748359.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1638528608.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1674302945.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1644631400.0000000000FC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.W?d2
                  Source: MPGPH131.exe, 0000000B.00000002.3766658918.00000000011AD000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000011.00000002.1601590165.000000000137E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.000000000132B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORT
                  Source: RageMP131.exe, 00000011.00000002.1601590165.000000000137E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORT5
                  Source: MPGPH131.exe, 0000000B.00000002.3766658918.00000000011AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORTA
                  Source: RageMP131.exe, 00000011.00000002.1601590165.00000000013EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro
                  Source: RageMP131.exe, 0000001C.00000002.1774965643.00000000013A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_bot
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1663748359.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1638528608.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1674302945.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1644631400.0000000000FC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_bot2=
                  Source: RageMP131.exe, 00000011.00000002.1601590165.00000000013EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botE
                  Source: RageMP131.exe, 0000001C.00000002.1774965643.00000000013A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botSS0d
                  Source: MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botfo.org
                  Source: MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botisepro_botS
                  Source: RageMP131.exe, 00000011.00000002.1601590165.00000000013EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botr
                  Source: RageMP131.exe, 0000001C.00000002.1774965643.00000000013A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botrisep
                  Source: firefox.exe, 00000035.00000002.3845500765.000001E27A2A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
                  Source: firefox.exe, 00000035.00000002.3845500765.000001E27A2A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
                  Source: firefox.exe, 00000035.00000002.3845500765.000001E27A2A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
                  Source: firefox.exe, 00000035.00000002.3845500765.000001E27A2A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
                  Source: firefox.exe, 00000032.00000003.1848116032.0000017424AE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
                  Source: firefox.exe, 00000032.00000003.2263489873.00000174349E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com/
                  Source: firefox.exe, 00000032.00000003.2261350498.0000017434FA5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
                  Source: firefox.exe, 00000032.00000003.2279429406.0000017439D40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2256432371.0000017439D2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2252324616.000001743A6C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://videos.cdn.mozilla.net;
                  Source: firefox.exe, 00000032.00000003.2206071536.0000017439E35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
                  Source: firefox.exe, 00000032.00000003.2264382163.00000174349CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
                  Source: firefox.exe, 00000032.00000003.1857910160.0000017422CB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1846703633.0000017425C91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
                  Source: firefox.exe, 00000032.00000003.1593181260.000001742561F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1592714878.0000017427000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1593688157.000001742565A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1594026480.0000017425677000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1593417006.000001742563C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
                  Source: firefox.exe, 00000032.00000003.2186760413.000001743A123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.carvertical.com/gb/landing/britain?a=Matarmstrong
                  Source: firefox.exe, 00000032.00000003.2185665217.000001743A53D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ea.com/games/the-sims/new...
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1324930275.00000000062BB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1317346712.000000000626D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1320066554.00000000062A2000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1414490747.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1360612236.0000000006042000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1399235285.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1412211859.0000000005D80000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1402479545.0000000005D58000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1424928165.0000000005D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000001048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.c
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000001015000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.co
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000001015000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.faok.c
                  Source: firefox.exe, 00000032.00000003.2279429406.0000017439D40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2256432371.0000017439D2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2252324616.000001743A6C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/analytics.js
                  Source: firefox.exe, 00000032.00000003.2271431431.0000017434495000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                  Source: firefox.exe, 00000032.00000003.1941574194.00000174231E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
                  Source: firefox.exe, 00000032.00000003.1593181260.000001742561F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1592714878.0000017427000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1593688157.000001742565A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1594026480.0000017425677000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1593417006.000001742563C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1324930275.00000000062BB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1317346712.000000000626D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1320066554.00000000062A2000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1414490747.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1360612236.0000000006042000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1399235285.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1412211859.0000000005D80000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1402479545.0000000005D58000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1424928165.0000000005D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: firefox.exe, 00000032.00000003.2272383937.0000017434484000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1593417006.000001742563C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
                  Source: firefox.exe, 00000032.00000003.2270231029.00000174344E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2168784704.00000174382EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
                  Source: firefox.exe, 00000032.00000003.2279429406.0000017439D40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2256432371.0000017439D2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2252324616.000001743A6C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js
                  Source: firefox.exe, 00000032.00000003.2279429406.0000017439D40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2256432371.0000017439D2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2252324616.000001743A6C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                  Source: firefox.exe, 00000032.00000003.2279429406.0000017439D40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2256432371.0000017439D2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2252324616.000001743A6C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                  Source: firefox.exe, 00000032.00000003.2151688142.0000017435197000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2154637349.0000017435197000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2161338280.0000017435197000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hulu.com/watch/
                  Source: firefox.exe, 00000032.00000003.2151688142.0000017435197000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2154637349.0000017435197000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2161338280.0000017435197000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.instagram.com/
                  Source: firefox.exe, 00000032.00000003.1857910160.0000017422CB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1846703633.0000017425C91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.linkedin.com/login
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.linkedin.com/login_
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000CBD000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000CBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.linkedin.com/loging
                  Source: firefox.exe, 00000032.00000003.2206071536.0000017439E35000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
                  Source: firefox.exe, 00000032.00000003.2266094784.000001743496B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
                  Source: firefox.exe, 00000032.00000003.2191545548.000001743A09B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
                  Source: firefox.exe, 00000032.00000003.1995380226.000001742F992000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1991114320.000001742F97F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1989908357.000001742F976000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1989908357.000001742F96A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1993303322.000001742F93D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1989908357.000001742F979000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1992800789.000001742F982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
                  Source: firefox.exe, 00000032.00000003.2191545548.000001743A09B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
                  Source: firefox.exe, 00000032.00000003.2281663425.00000174380BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2257756030.00000174380BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1412567488.000000000127E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1672610521.0000000001281000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1673552943.0000000001286000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1404291007.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1420498469.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1405215164.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1392017267.0000000001284000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1599830884.000000000127D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1400533396.0000000001285000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1390638539.0000000001286000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1632011958.0000000001281000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1416016550.000000000127D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1418276465.0000000001283000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1665271993.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1637705918.0000000001281000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1626749702.0000000001284000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1403112986.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1390158333.0000000001283000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1402267873.000000000127E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1324288383.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1331902256.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1322709838.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1329370633.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1325287068.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1321190514.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1333948850.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1332776311.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1321792821.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1323605630.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1325727699.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1327549579.0000000006279000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1392545213.000000000604E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1411839029.000000000604E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1390239757.000000000604E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1632504648.000000000604E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1404479482.000000000604E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1670000632.000000000604E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1664225767.000000000604E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1406607916.000000000604E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.00000000014BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/~
                  Source: firefox.exe, 00000032.00000003.2281663425.00000174380BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2257756030.00000174380BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
                  Source: firefox.exe, 00000032.00000003.2191545548.000001743A09B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1412567488.000000000127E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1672610521.0000000001281000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1673552943.0000000001286000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1404291007.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1420498469.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1405215164.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1392017267.0000000001284000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1599830884.000000000127D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1400533396.0000000001285000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1390638539.0000000001286000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1632011958.0000000001281000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1416016550.000000000127D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1418276465.0000000001283000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1665271993.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1637705918.0000000001281000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1626749702.0000000001284000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1403112986.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1390158333.0000000001283000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1402267873.000000000127E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                  Source: firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
                  Source: firefox.exe, 00000032.00000003.2272383937.000001743443F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
                  Source: MPGPH131.exe, 0000000B.00000003.1390638539.0000000001286000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1390158333.0000000001283000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/6)_1
                  Source: firefox.exe, 00000032.00000003.2272383937.000001743443F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
                  Source: MPGPH131.exe, 0000000C.00000002.2127904553.000000000643C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/ataQV
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1324288383.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1331902256.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1322709838.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1329370633.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1325287068.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1321190514.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1333948850.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1332776311.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1321792821.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1323605630.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1325727699.0000000006279000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1327549579.0000000006279000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1392545213.000000000604E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1411839029.000000000604E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1390239757.000000000604E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1632504648.000000000604E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1404479482.000000000604E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1670000632.000000000604E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1664225767.000000000604E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1406607916.000000000604E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                  Source: MPGPH131.exe, 0000000B.00000003.1412567488.000000000127E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1672610521.0000000001281000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1673552943.0000000001286000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1404291007.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1420498469.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1405215164.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1392017267.0000000001284000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1599830884.000000000127D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1400533396.0000000001285000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1390638539.0000000001286000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1632011958.0000000001281000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1416016550.000000000127D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1418276465.0000000001283000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1665271993.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1637705918.0000000001281000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1626749702.0000000001284000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1403112986.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1390158333.0000000001283000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1402267873.000000000127E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1672469108.0000000001277000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/index
                  Source: MPGPH131.exe, 0000000B.00000003.1390638539.0000000001286000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1390158333.0000000001283000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/lxD
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.00000000014BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/ta
                  Source: firefox.exe, 00000032.00000003.1841801010.00001EEDE3B03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
                  Source: firefox.exe, 00000032.00000003.1841801010.00001EEDE3B03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.comZ
                  Source: firefox.exe, 00000032.00000003.1830642290.0000017428089000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/
                  Source: firefox.exe, 00000032.00000003.2279429406.0000017439D40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2256432371.0000017439D2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2252324616.000001743A6C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.recaptcha.net/recaptcha/
                  Source: firefox.exe, 00000032.00000003.2252324616.000001743A6C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.recaptcha.net/recaptcha/;
                  Source: firefox.exe, 00000032.00000003.2269271595.000001743475A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
                  Source: firefox.exe, 00000032.00000003.1841801010.00001EEDE3B03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tsn.ca
                  Source: firefox.exe, 00000032.00000003.1841801010.00001EEDE3B03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tsn.caZ
                  Source: firefox.exe, 00000033.00000002.1786480024.0000024BF5C50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                  Source: firefox.exe, 00000033.00000002.1786480024.0000024BF5C50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com$
                  Source: firefox.exe, 0000002A.00000002.1529534068.0000012EDE730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com%
                  Source: firefox.exe, 00000031.00000002.1638000127.000001B6B9140000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com--attempting-deelevation
                  Source: firefox.exe, 00000032.00000003.2282724194.000001743505E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/#
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/7D.
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000C94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/E
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/error_204?t=jserror&level=ERROR
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/img/desktop/yt_1200.png
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ls.k
                  Source: firefox.exe, 00000032.00000003.2191545548.000001743A09B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/moc.ebutuoy.www.
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/desktop/87423d78/img/favicon.ico
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/desktop/87423d78/img/favicon_144x144.png
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/desktop/87423d78/img/favicon_32x32.png
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/desktop/87423d78/img/favicon_48x48.png
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/desktop/87423d78/img/favicon_96x96.png
                  Source: firefox.exe, 00000032.00000003.2274339930.0000017434299000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/desktop/87423d78/jsbin/custom-elements-es5-adapter.vflset/c
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/desktop/87423d78/jsbin/custom-elements-es5-adapter.vflset/custom-elements-
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2274339930.0000017434299000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/desktop/87423d78/jsbin/desktop_polymer.vflset/desktop_polymer.js
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/desktop/87423d78/jsbin/intersection-observer.min.vflset/intersection-obser
                  Source: firefox.exe, 00000032.00000003.2186694794.000001743A178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/desktop/87423d78/jsbin/scheduler.vflset/scheduler.js
                  Source: firefox.exe, 00000032.00000003.2186694794.000001743A178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/desktop/87423d78/jsbin/spf.vflset/spf.js
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2274339930.0000017434299000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/desktop/87423d78/jsbin/web-animations-next-lite.min.vflset/web-animations-
                  Source: firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/desktop/87423d78/jsbin/webcomponents-sd.vflset/webcomponents-sd.js
                  Source: firefox.exe, 00000032.00000003.2186694794.000001743A178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/desktop/87423d78/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.
                  Source: firefox.exe, 00000032.00000003.2186694794.000001743A178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/desktop/87423d78/jsbin/www-tampering.vflset/www-tampering.js
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com2
                  Source: firefox.exe, 00000032.00000003.2267014054.00000174347F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com9C$t
                  Source: firefox.exe, 0000002A.00000002.1529534068.0000012EDE730000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000002.1786480024.0000024BF5C50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comC:
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000CBD000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000CBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comJ8
                  Source: firefox.exe, 00000033.00000002.1888020329.0000024BF77A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:
                  Source: firefox.exe, 00000033.00000002.1888020329.0000024BF77A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comNUMBER_OF_PROCESSORS=2OneDrive=C:
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comW
                  Source: firefox.exe, 0000002A.00000002.1529534068.0000012EDE730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comf
                  Source: firefox.exe, 00000033.00000002.1786480024.0000024BF5C50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comm
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000C95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comq
                  Source: firefox.exe, 00000033.00000002.1786480024.0000024BF5C50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comt(H=#
                  Source: firefox.exe, 00000032.00000003.1764719406.000001742B0C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1814914085.000001742B0A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1789346532.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1795778069.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000003.1761756857.000001E27A2AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3845500765.000001E27A2A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
                  Source: firefox.exe, 00000035.00000002.3802298096.000001E276650000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warningThe
                  Source: firefox.exe, 00000032.00000003.2273576371.00000174342EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
                  Source: firefox.exe, 00000032.00000003.2273576371.00000174342EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/

                  System Summary

                  barindex
                  Binary is likely a compiled AutoIt script file
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1391748098.00000000066DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_c6954346-3
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1391748098.00000000066DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_31e27c6c-c
                  Source: MPGPH131.exe, 0000000C.00000003.1801094506.0000000006919000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_487a62d7-a
                  Source: MPGPH131.exe, 0000000C.00000003.1801094506.0000000006919000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_6efc7ebe-8
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3749900219.0000000000502000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_59b4dd22-c
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3749900219.0000000000502000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_87f53911-0
                  Downloads suspicious files via Chrome
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile dump: C:\Users\user\AppData\Local\Temp\scoped_dir9736_486930789\CRX_INSTALL\content_new.jsJump to dropped file
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile dump: C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\eventpage_bin_prod.jsJump to dropped file
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile dump: C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\page_embed_script.jsJump to dropped file
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile dump: C:\Users\user\AppData\Local\Temp\scoped_dir9736_486930789\CRX_INSTALL\content.jsJump to dropped file
                  PE file contains section with special chars
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic PE information: section name:
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic PE information: section name: .idata
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic PE information: section name:
                  Source: RageMP131.exe.0.drStatic PE information: section name:
                  Source: RageMP131.exe.0.drStatic PE information: section name: .idata
                  Source: RageMP131.exe.0.drStatic PE information: section name:
                  Source: MPGPH131.exe.0.drStatic PE information: section name:
                  Source: MPGPH131.exe.0.drStatic PE information: section name: .idata
                  Source: MPGPH131.exe.0.drStatic PE information: section name:
                  Source: niks[1].exe.0.drStatic PE information: section name:
                  Source: niks[1].exe.0.drStatic PE information: section name: .idata
                  Source: niks[1].exe.0.drStatic PE information: section name:
                  Source: _WH7GEUgP5nY6c3Q4pig.exe.0.drStatic PE information: section name:
                  Source: _WH7GEUgP5nY6c3Q4pig.exe.0.drStatic PE information: section name: .idata
                  Source: _WH7GEUgP5nY6c3Q4pig.exe.0.drStatic PE information: section name:
                  Source: ladas[1].exe.0.drStatic PE information: section name:
                  Source: ladas[1].exe.0.drStatic PE information: section name: .idata
                  Source: ladas[1].exe.0.drStatic PE information: section name:
                  Source: NPpBaQ8mvtuVlc8hdwT4.exe.0.drStatic PE information: section name:
                  Source: NPpBaQ8mvtuVlc8hdwT4.exe.0.drStatic PE information: section name: .idata
                  Source: NPpBaQ8mvtuVlc8hdwT4.exe.0.drStatic PE information: section name:
                  Source: EdgeMS131.exe.0.drStatic PE information: section name:
                  Source: EdgeMS131.exe.0.drStatic PE information: section name: .idata
                  Source: EdgeMS131.exe.0.drStatic PE information: section name:
                  Source: amert[1].exe.0.drStatic PE information: section name:
                  Source: amert[1].exe.0.drStatic PE information: section name: .idata
                  Source: amert[1].exe.0.drStatic PE information: section name:
                  Source: mZFmu1Xdn33jwBaBkyPP.exe.0.drStatic PE information: section name:
                  Source: mZFmu1Xdn33jwBaBkyPP.exe.0.drStatic PE information: section name: .idata
                  Source: mZFmu1Xdn33jwBaBkyPP.exe.0.drStatic PE information: section name:
                  Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name:
                  Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name: .idata
                  Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name:
                  Source: MSIUpdaterV131.exe.0.drStatic PE information: section name:
                  Source: MSIUpdaterV131.exe.0.drStatic PE information: section name: .idata
                  Source: MSIUpdaterV131.exe.0.drStatic PE information: section name:
                  Source: ladas[1].exe.12.drStatic PE information: section name:
                  Source: ladas[1].exe.12.drStatic PE information: section name: .idata
                  Source: ladas[1].exe.12.drStatic PE information: section name:
                  Source: v1VZ6nGHGXr580lMFhVz.exe.12.drStatic PE information: section name:
                  Source: v1VZ6nGHGXr580lMFhVz.exe.12.drStatic PE information: section name: .idata
                  Source: v1VZ6nGHGXr580lMFhVz.exe.12.drStatic PE information: section name:
                  Source: amert[2].exe.12.drStatic PE information: section name:
                  Source: amert[2].exe.12.drStatic PE information: section name: .idata
                  Source: amert[2].exe.12.drStatic PE information: section name:
                  Source: CPgYvz9Aj0UjQFQxMO66.exe.12.drStatic PE information: section name:
                  Source: CPgYvz9Aj0UjQFQxMO66.exe.12.drStatic PE information: section name: .idata
                  Source: CPgYvz9Aj0UjQFQxMO66.exe.12.drStatic PE information: section name:
                  Source: niks[1].exe.12.drStatic PE information: section name:
                  Source: niks[1].exe.12.drStatic PE information: section name: .idata
                  Source: niks[1].exe.12.drStatic PE information: section name:
                  Source: XVBRN46YoSEg_PLvB4Ku.exe.12.drStatic PE information: section name:
                  Source: XVBRN46YoSEg_PLvB4Ku.exe.12.drStatic PE information: section name: .idata
                  Source: XVBRN46YoSEg_PLvB4Ku.exe.12.drStatic PE information: section name:
                  PE file has nameless sections
                  Source: plaza[1].exe.0.drStatic PE information: section name:
                  Source: plaza[1].exe.0.drStatic PE information: section name:
                  Source: plaza[1].exe.0.drStatic PE information: section name:
                  Source: plaza[1].exe.0.drStatic PE information: section name:
                  Source: plaza[1].exe.0.drStatic PE information: section name:
                  Source: plaza[1].exe.0.drStatic PE information: section name:
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: section name:
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: section name:
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: section name:
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: section name:
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: section name:
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: section name:
                  Source: plaza[1].exe.12.drStatic PE information: section name:
                  Source: plaza[1].exe.12.drStatic PE information: section name:
                  Source: plaza[1].exe.12.drStatic PE information: section name:
                  Source: plaza[1].exe.12.drStatic PE information: section name:
                  Source: plaza[1].exe.12.drStatic PE information: section name:
                  Source: plaza[1].exe.12.drStatic PE information: section name:
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: section name:
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: section name:
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: section name:
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: section name:
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: section name:
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: section name:
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess Stats: CPU usage > 49%
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_000FA450 RtlAllocateHeap,NtQuerySystemInformation,HeapFree,RtlFreeHeap,RtlAllocateHeap,NtQuerySystemInformation,HeapFree,11_2_000FA450
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_000FA770 NtDuplicateObject,CreateThread,RtlUnicodeStringToAnsiString,TerminateThread,11_2_000FA770
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_BITS_8136_1986986015
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B908900_2_00B90890
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B948E00_2_00B948E0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B910100_2_00B91010
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BA20100_2_00BA2010
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B6F0500_2_00B6F050
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BBD1800_2_00BBD180
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BB39100_2_00BB3910
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00C3A9300_2_00C3A930
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BB52B00_2_00BB52B0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B85A900_2_00B85A90
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B8BA600_2_00B8BA60
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BA22500_2_00BA2250
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BADB800_2_00BADB80
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B713C00_2_00B713C0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BA03600_2_00BA0360
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BB33500_2_00BB3350
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B98C900_2_00B98C90
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B9D5A00_2_00B9D5A0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B965900_2_00B96590
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B705800_2_00B70580
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BF45E00_2_00BF45E0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B885700_2_00B88570
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B8DE700_2_00B8DE70
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B976600_2_00B97660
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B807800_2_00B80780
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B847300_2_00B84730
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B9A7000_2_00B9A700
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00C4970D0_2_00C4970D
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B8A7600_2_00B8A760
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00C408800_2_00C40880
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00C460400_2_00C46040
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00C440080_2_00C44008
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B620500_2_00B62050
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00CC00200_2_00CC0020
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BD08500_2_00BD0850
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B7A1500_2_00B7A150
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BB82E00_2_00BB82E0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B622C00_2_00B622C0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B902C00_2_00B902C0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BFD2C00_2_00BFD2C0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00C49A4F0_2_00C49A4F
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BE1A500_2_00BE1A50
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00C573C40_2_00C573C4
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B6ABA00_2_00B6ABA0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00C5D3110_2_00C5D311
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BF23600_2_00BF2360
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00C5F4C00_2_00C5F4C0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BDF4D00_2_00BDF4D0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BED5300_2_00BED530
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BE4D300_2_00BE4D30
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BBA5400_2_00BBA540
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BEDE700_2_00BEDE70
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BF1E500_2_00BF1E50
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00BE0FD00_2_00BE0FD0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B6A7700_2_00B6A770
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0012089011_2_00120890
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_001248E011_2_001248E0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_001CA93011_2_001CA930
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0011BA6011_2_0011BA60
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_00115A9011_2_00115A90
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0014335011_2_00143350
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0013DB8011_2_0013DB80
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_000FABA011_2_000FABA0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_001133D011_2_001133D0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_00128C9011_2_00128C90
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0011857011_2_00118570
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0012659011_2_00126590
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_001845E011_2_001845E0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0011DE7011_2_0011DE70
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0012766011_2_00127660
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0012A70011_2_0012A700
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0011473011_2_00114730
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0011A76011_2_0011A760
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_000FA77011_2_000FA770
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_00120FB011_2_00120FB0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_001D400811_2_001D4008
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_000F205011_2_000F2050
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_001D088011_2_001D0880
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0010A15011_2_0010A150
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0016217011_2_00162170
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_00171A5011_2_00171A50
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_001D9A4F11_2_001D9A4F
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_000F22C011_2_000F22C0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_001202C011_2_001202C0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0018D2C011_2_0018D2C0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0018236011_2_00182360
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0016F4D011_2_0016F4D0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0017BCC011_2_0017BCC0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_00174D3011_2_00174D30
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0017D53011_2_0017D530
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_0017DE7011_2_0017DE70
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_001607B011_2_001607B0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_00170FD011_2_00170FD0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: String function: 00BC9C70 appears 36 times
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: String function: 00159C70 appears 31 times
                  Source: ladas[1].exe.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                  Source: NPpBaQ8mvtuVlc8hdwT4.exe.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                  Source: ladas[1].exe.12.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                  Source: v1VZ6nGHGXr580lMFhVz.exe.12.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1861481504.00000000052B0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMSBuild.exeR vs SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMSBuild.exeR vs SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: winmm.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: devobj.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: vaultcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: linkinfo.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: ntshrui.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSection loaded: cscapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dllJump to behavior
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winmm.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: devobj.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: webio.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: vaultcli.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winmm.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: sspicli.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winhttp.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wininet.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: mswsock.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: devobj.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: webio.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: iphlpapi.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winnsi.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: dnsapi.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: rasadhlp.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: fwpuclnt.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: schannel.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: mskeyprotect.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ntasn1.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ncrypt.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ncryptsslp.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: msasn1.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: cryptsp.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: rsaenh.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: cryptbase.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: gpapi.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: vaultcli.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wintypes.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: windows.storage.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wldp.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ntmarta.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: dpapi.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: iertutil.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: profapi.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: kernel.appcore.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: urlmon.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: srvcli.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: netutils.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: uxtheme.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: propsys.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: edputil.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: windows.staterepositoryps.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wintypes.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: appresolver.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: bcp47langs.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: slc.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: userenv.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: sppc.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: onecorecommonproxystub.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: onecoreuapcommonproxystub.dll
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winmm.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: wininet.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: devobj.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: webio.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winnsi.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: dnsapi.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: fwpuclnt.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: rasadhlp.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: schannel.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: mskeyprotect.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ntasn1.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ncrypt.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ncryptsslp.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: msasn1.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: gpapi.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: wsock32.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: winmm.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: mpr.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: wininet.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: propsys.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: netutils.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: windows.shell.servicehostbuilder.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: ieframe.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: netapi32.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: wkscli.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: windows.staterepositoryps.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: edputil.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: secur32.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: mlang.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: policymanager.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: msvcp110_win.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: onecorecommonproxystub.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: pcacli.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: sfc_os.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: ieframe.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: netapi32.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: wkscli.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: ieframe.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: netapi32.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: wkscli.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: ieframe.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: netapi32.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: wkscli.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: appresolver.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: bcp47langs.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: slc.dll
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeSection loaded: sppc.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winmm.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: wininet.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: devobj.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: webio.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winnsi.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: dnsapi.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: rasadhlp.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: fwpuclnt.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: schannel.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: mskeyprotect.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ntasn1.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ncrypt.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ncryptsslp.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: msasn1.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: gpapi.dll
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: apphelp.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: acgenral.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: uxtheme.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: winmm.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: samcli.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: msacm32.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: version.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: userenv.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: dwmapi.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: urlmon.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: mpr.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: sspicli.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: winmmbase.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: winmmbase.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: iertutil.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: srvcli.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: netutils.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: aclayers.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: sfc.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: sfc_os.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: wininet.dll
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSection loaded: kernel.appcore.dll
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic PE information: Section: ZLIB complexity 0.9993187964379371
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic PE information: Section: jqngduam ZLIB complexity 0.9906464914600968
                  Source: RageMP131.exe.0.drStatic PE information: Section: ZLIB complexity 0.9993187964379371
                  Source: RageMP131.exe.0.drStatic PE information: Section: jqngduam ZLIB complexity 0.9906464914600968
                  Source: MPGPH131.exe.0.drStatic PE information: Section: ZLIB complexity 0.9993187964379371
                  Source: MPGPH131.exe.0.drStatic PE information: Section: jqngduam ZLIB complexity 0.9906464914600968
                  Source: niks[1].exe.0.drStatic PE information: Section: mevurvzu ZLIB complexity 0.9945473570528033
                  Source: _WH7GEUgP5nY6c3Q4pig.exe.0.drStatic PE information: Section: mevurvzu ZLIB complexity 0.9945473570528033
                  Source: plaza[1].exe.0.drStatic PE information: Section: ZLIB complexity 0.9996907199023861
                  Source: plaza[1].exe.0.drStatic PE information: Section: ZLIB complexity 0.996942349137931
                  Source: plaza[1].exe.0.drStatic PE information: Section: ZLIB complexity 0.991796875
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: Section: ZLIB complexity 0.9996907199023861
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: Section: ZLIB complexity 0.996942349137931
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: Section: ZLIB complexity 0.991796875
                  Source: ladas[1].exe.0.drStatic PE information: Section: ZLIB complexity 0.9996641995614035
                  Source: NPpBaQ8mvtuVlc8hdwT4.exe.0.drStatic PE information: Section: ZLIB complexity 0.9996641995614035
                  Source: EdgeMS131.exe.0.drStatic PE information: Section: ZLIB complexity 0.9973527892561983
                  Source: EdgeMS131.exe.0.drStatic PE information: Section: odpxvryq ZLIB complexity 0.9944452678033725
                  Source: amert[1].exe.0.drStatic PE information: Section: ZLIB complexity 0.9973527892561983
                  Source: amert[1].exe.0.drStatic PE information: Section: odpxvryq ZLIB complexity 0.9944452678033725
                  Source: mZFmu1Xdn33jwBaBkyPP.exe.0.drStatic PE information: Section: ZLIB complexity 0.9973527892561983
                  Source: mZFmu1Xdn33jwBaBkyPP.exe.0.drStatic PE information: Section: odpxvryq ZLIB complexity 0.9944452678033725
                  Source: AdobeUpdaterV131.exe.0.drStatic PE information: Section: ZLIB complexity 0.9973527892561983
                  Source: AdobeUpdaterV131.exe.0.drStatic PE information: Section: odpxvryq ZLIB complexity 0.9944452678033725
                  Source: MSIUpdaterV131.exe.0.drStatic PE information: Section: ZLIB complexity 0.9973527892561983
                  Source: MSIUpdaterV131.exe.0.drStatic PE information: Section: odpxvryq ZLIB complexity 0.9944452678033725
                  Source: plaza[1].exe.12.drStatic PE information: Section: ZLIB complexity 0.9996907199023861
                  Source: plaza[1].exe.12.drStatic PE information: Section: ZLIB complexity 0.996942349137931
                  Source: plaza[1].exe.12.drStatic PE information: Section: ZLIB complexity 0.991796875
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: Section: ZLIB complexity 0.9996907199023861
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: Section: ZLIB complexity 0.996942349137931
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: Section: ZLIB complexity 0.991796875
                  Source: ladas[1].exe.12.drStatic PE information: Section: ZLIB complexity 0.9999811540570176
                  Source: v1VZ6nGHGXr580lMFhVz.exe.12.drStatic PE information: Section: ZLIB complexity 0.9999811540570176
                  Source: amert[2].exe.12.drStatic PE information: Section: ZLIB complexity 0.9976540977961432
                  Source: amert[2].exe.12.drStatic PE information: Section: pnqzgoyr ZLIB complexity 0.994066181159964
                  Source: CPgYvz9Aj0UjQFQxMO66.exe.12.drStatic PE information: Section: ZLIB complexity 0.9976540977961432
                  Source: CPgYvz9Aj0UjQFQxMO66.exe.12.drStatic PE information: Section: pnqzgoyr ZLIB complexity 0.994066181159964
                  Source: niks[1].exe.12.drStatic PE information: Section: bszskcvh ZLIB complexity 0.9943218129445762
                  Source: XVBRN46YoSEg_PLvB4Ku.exe.12.drStatic PE information: Section: bszskcvh ZLIB complexity 0.9943218129445762
                  Source: v1VZ6nGHGXr580lMFhVz.exe.12.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                  Source: ladas[1].exe.12.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@181/923@0/94
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_000FABA0 CreateToolhelp32Snapshot,11_2_000FABA0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\Users\user\AppData\Local\RageMP131Jump to behavior
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1340:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5876:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9728:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9872:120:WilError_03
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\Users\user~1\AppData\Local\Temp\rage131MP.tmpJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: firefox.exe, 00000032.00000003.2212339323.0000017438EEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2214596571.0000017438DA6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1238312051.00000000052B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 0000000B.00000003.1291671005.0000000004F20000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000002.3747761601.00000000000F1000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 0000000C.00000002.2102984321.00000000000F1000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 0000000C.00000003.1294616369.0000000004C50000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000011.00000002.1598643514.0000000000841000.00000040.00000001.01000000.00000007.sdmp, RageMP131.exe, 00000011.00000003.1394674409.00000000050F0000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1767901365.0000000000841000.00000040.00000001.01000000.00000007.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                  Source: firefox.exe, 00000032.00000003.2212339323.0000017438EEC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
                  Source: firefox.exe, 00000032.00000003.2212339323.0000017438EEC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1238312051.00000000052B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 0000000B.00000003.1291671005.0000000004F20000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000002.3747761601.00000000000F1000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 0000000C.00000002.2102984321.00000000000F1000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 0000000C.00000003.1294616369.0000000004C50000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000011.00000002.1598643514.0000000000841000.00000040.00000001.01000000.00000007.sdmp, RageMP131.exe, 00000011.00000003.1394674409.00000000050F0000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1767901365.0000000000841000.00000040.00000001.01000000.00000007.sdmpBinary or memory string: UPDATE %Q.%s SET sql = sqlite_rename_table(sql, %Q), tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
                  Source: firefox.exe, 00000032.00000003.2212339323.0000017438EEC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
                  Source: MPGPH131.exe, 0000000B.00000003.1392017267.0000000001284000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1390158333.0000000001283000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1394748094.000000000127C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE;aS
                  Source: firefox.exe, 00000032.00000003.2207906829.0000017439D64000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;
                  Source: firefox.exe, 00000032.00000003.2212339323.0000017438EEC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
                  Source: firefox.exe, 00000032.00000003.2212339323.0000017438EEC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
                  Source: firefox.exe, 00000032.00000003.2212339323.0000017438EEC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9'
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1316646091.000000000151B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1316403333.000000000151E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1412567488.000000000127E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1672610521.0000000001281000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1673552943.0000000001286000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1404291007.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1358978525.0000000006016000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1420498469.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1405215164.0000000001287000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1392017267.0000000001284000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: firefox.exe, 00000032.00000003.2212339323.0000017438EEC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9
                  Source: firefox.exe, 00000032.00000003.2212339323.0000017438EEC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeReversingLabs: Detection: 55%
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                  Source: MPGPH131.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                  Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
                  Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknownProcess created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
                  Source: unknownProcess created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
                  Source: unknownProcess created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe "C:\Users\user~1\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe"
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1900,i,12042421020142427047,15786954676034076756,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1912,i,14123316736380451074,15008792521962585165,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,17548813359493007476,4145100225753045264,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/
                  Source: unknownProcess created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1960,i,1618289422158722010,7429834957061146292,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 HR" /sc HOURLY /rl HIGHEST
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2064,i,13272552955058679350,15913954508286482383,262144 /prefetch:3
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2064,i,3932159021268247471,17896344974051134979,262144 /prefetch:3
                  Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.facebook.com/video
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1076 --field-trial-handle=1440,i,723544732951361242,13798842814435574485,262144 /prefetch:3
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 LG" /sc ONLOGON /rl HIGHEST
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
                  Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknownProcess created: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=1988,i,4751795589634086725,15677866470349412690,262144 /prefetch:3
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
                  Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com --attempting-deelevation
                  Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video --attempting-deelevation
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
                  Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com --attempting-deelevation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHESTJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHESTJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe "C:\Users\user~1\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe" Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 HR" /sc HOURLY /rl HIGHESTJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 LG" /sc ONLOGON /rl HIGHESTJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: unknown unknownJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: unknown unknown
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: unknown unknown
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: unknown unknown
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: unknown unknown
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: unknown unknown
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1912,i,14123316736380451074,15008792521962585165,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1900,i,12042421020142427047,15786954676034076756,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,17548813359493007476,4145100225753045264,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1960,i,1618289422158722010,7429834957061146292,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2064,i,3932159021268247471,17896344974051134979,262144 /prefetch:3
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2064,i,13272552955058679350,15913954508286482383,262144 /prefetch:3
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1076 --field-trial-handle=1440,i,723544732951361242,13798842814435574485,262144 /prefetch:3
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=1988,i,4751795589634086725,15677866470349412690,262144 /prefetch:3
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A66AEDC-93C3-4ACC-BA96-08F5716429F7}\InProcServer32
                  Source: EdgeMS131.lnk.0.drLNK file: ..\..\..\..\..\..\Local\Temp\EdgeMS131\EdgeMS131.exe
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic file information: File size 2300928 > 1048576
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic PE information: Raw size of jqngduam is bigger than: 0x100000 < 0x19d800

                  Data Obfuscation

                  barindex
                  Detected unpacking (changes PE section rights)
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeUnpacked PE file: 0.2.SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe.b60000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jqngduam:EW;kbulycau:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jqngduam:EW;kbulycau:EW;.taggant:EW;
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeUnpacked PE file: 11.2.MPGPH131.exe.f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jqngduam:EW;kbulycau:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jqngduam:EW;kbulycau:EW;.taggant:EW;
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeUnpacked PE file: 12.2.MPGPH131.exe.f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jqngduam:EW;kbulycau:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jqngduam:EW;kbulycau:EW;.taggant:EW;
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeUnpacked PE file: 17.2.RageMP131.exe.840000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jqngduam:EW;kbulycau:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jqngduam:EW;kbulycau:EW;.taggant:EW;
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeUnpacked PE file: 28.2.RageMP131.exe.840000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jqngduam:EW;kbulycau:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jqngduam:EW;kbulycau:EW;.taggant:EW;
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeUnpacked PE file: 46.2.MSIUpdaterV131.exe.480000.0.unpack :EW;.rsrc:W;.idata :W; :EW;odpxvryq:EW;anidzile:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;odpxvryq:EW;anidzile:EW;.taggant:EW;
                  Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
                  Source: amert[1].exe.0.drStatic PE information: real checksum: 0x1d5c70 should be: 0x1d4a90
                  Source: MSIUpdaterV131.exe.0.drStatic PE information: real checksum: 0x1d5c70 should be: 0x1d4a90
                  Source: amert[2].exe.12.drStatic PE information: real checksum: 0x1dd410 should be: 0x1e1152
                  Source: RageMP131.exe.0.drStatic PE information: real checksum: 0x234e81 should be: 0x237c81
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic PE information: real checksum: 0x234e81 should be: 0x237c81
                  Source: v1VZ6nGHGXr580lMFhVz.exe.12.drStatic PE information: real checksum: 0x243b9c should be: 0x237bc3
                  Source: ladas[1].exe.12.drStatic PE information: real checksum: 0x243b9c should be: 0x237bc3
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: real checksum: 0x0 should be: 0x2e9dbd
                  Source: AdobeUpdaterV131.exe.0.drStatic PE information: real checksum: 0x1d5c70 should be: 0x1d4a90
                  Source: CPgYvz9Aj0UjQFQxMO66.exe.12.drStatic PE information: real checksum: 0x1dd410 should be: 0x1e1152
                  Source: plaza[1].exe.0.drStatic PE information: real checksum: 0x0 should be: 0x2e9dbd
                  Source: plaza[1].exe.12.drStatic PE information: real checksum: 0x0 should be: 0x2e9dbd
                  Source: EdgeMS131.exe.0.drStatic PE information: real checksum: 0x1d5c70 should be: 0x1d4a90
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x2e9dbd
                  Source: MPGPH131.exe.0.drStatic PE information: real checksum: 0x234e81 should be: 0x237c81
                  Source: mZFmu1Xdn33jwBaBkyPP.exe.0.drStatic PE information: real checksum: 0x1d5c70 should be: 0x1d4a90
                  Source: ladas[1].exe.0.drStatic PE information: real checksum: 0x23a499 should be: 0x24505b
                  Source: NPpBaQ8mvtuVlc8hdwT4.exe.0.drStatic PE information: real checksum: 0x23a499 should be: 0x24505b
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic PE information: section name:
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic PE information: section name: .idata
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic PE information: section name:
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic PE information: section name: jqngduam
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic PE information: section name: kbulycau
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic PE information: section name: .taggant
                  Source: RageMP131.exe.0.drStatic PE information: section name:
                  Source: RageMP131.exe.0.drStatic PE information: section name: .idata
                  Source: RageMP131.exe.0.drStatic PE information: section name:
                  Source: RageMP131.exe.0.drStatic PE information: section name: jqngduam
                  Source: RageMP131.exe.0.drStatic PE information: section name: kbulycau
                  Source: RageMP131.exe.0.drStatic PE information: section name: .taggant
                  Source: MPGPH131.exe.0.drStatic PE information: section name:
                  Source: MPGPH131.exe.0.drStatic PE information: section name: .idata
                  Source: MPGPH131.exe.0.drStatic PE information: section name:
                  Source: MPGPH131.exe.0.drStatic PE information: section name: jqngduam
                  Source: MPGPH131.exe.0.drStatic PE information: section name: kbulycau
                  Source: MPGPH131.exe.0.drStatic PE information: section name: .taggant
                  Source: niks[1].exe.0.drStatic PE information: section name:
                  Source: niks[1].exe.0.drStatic PE information: section name: .idata
                  Source: niks[1].exe.0.drStatic PE information: section name:
                  Source: niks[1].exe.0.drStatic PE information: section name: mevurvzu
                  Source: niks[1].exe.0.drStatic PE information: section name: dvmgpahi
                  Source: _WH7GEUgP5nY6c3Q4pig.exe.0.drStatic PE information: section name:
                  Source: _WH7GEUgP5nY6c3Q4pig.exe.0.drStatic PE information: section name: .idata
                  Source: _WH7GEUgP5nY6c3Q4pig.exe.0.drStatic PE information: section name:
                  Source: _WH7GEUgP5nY6c3Q4pig.exe.0.drStatic PE information: section name: mevurvzu
                  Source: _WH7GEUgP5nY6c3Q4pig.exe.0.drStatic PE information: section name: dvmgpahi
                  Source: plaza[1].exe.0.drStatic PE information: section name:
                  Source: plaza[1].exe.0.drStatic PE information: section name:
                  Source: plaza[1].exe.0.drStatic PE information: section name:
                  Source: plaza[1].exe.0.drStatic PE information: section name:
                  Source: plaza[1].exe.0.drStatic PE information: section name:
                  Source: plaza[1].exe.0.drStatic PE information: section name:
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: section name:
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: section name:
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: section name:
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: section name:
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: section name:
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: section name:
                  Source: ladas[1].exe.0.drStatic PE information: section name:
                  Source: ladas[1].exe.0.drStatic PE information: section name: .idata
                  Source: ladas[1].exe.0.drStatic PE information: section name:
                  Source: ladas[1].exe.0.drStatic PE information: section name: ylraglyl
                  Source: ladas[1].exe.0.drStatic PE information: section name: uyguhsif
                  Source: ladas[1].exe.0.drStatic PE information: section name: .taggant
                  Source: NPpBaQ8mvtuVlc8hdwT4.exe.0.drStatic PE information: section name:
                  Source: NPpBaQ8mvtuVlc8hdwT4.exe.0.drStatic PE information: section name: .idata
                  Source: NPpBaQ8mvtuVlc8hdwT4.exe.0.drStatic PE information: section name:
                  Source: NPpBaQ8mvtuVlc8hdwT4.exe.0.drStatic PE information: section name: ylraglyl
                  Source: NPpBaQ8mvtuVlc8hdwT4.exe.0.drStatic PE information: section name: uyguhsif
                  Source: NPpBaQ8mvtuVlc8hdwT4.exe.0.drStatic PE information: section name: .taggant
                  Source: EdgeMS131.exe.0.drStatic PE information: section name:
                  Source: EdgeMS131.exe.0.drStatic PE information: section name: .idata
                  Source: EdgeMS131.exe.0.drStatic PE information: section name:
                  Source: EdgeMS131.exe.0.drStatic PE information: section name: odpxvryq
                  Source: EdgeMS131.exe.0.drStatic PE information: section name: anidzile
                  Source: EdgeMS131.exe.0.drStatic PE information: section name: .taggant
                  Source: amert[1].exe.0.drStatic PE information: section name:
                  Source: amert[1].exe.0.drStatic PE information: section name: .idata
                  Source: amert[1].exe.0.drStatic PE information: section name:
                  Source: amert[1].exe.0.drStatic PE information: section name: odpxvryq
                  Source: amert[1].exe.0.drStatic PE information: section name: anidzile
                  Source: amert[1].exe.0.drStatic PE information: section name: .taggant
                  Source: mZFmu1Xdn33jwBaBkyPP.exe.0.drStatic PE information: section name:
                  Source: mZFmu1Xdn33jwBaBkyPP.exe.0.drStatic PE information: section name: .idata
                  Source: mZFmu1Xdn33jwBaBkyPP.exe.0.drStatic PE information: section name:
                  Source: mZFmu1Xdn33jwBaBkyPP.exe.0.drStatic PE information: section name: odpxvryq
                  Source: mZFmu1Xdn33jwBaBkyPP.exe.0.drStatic PE information: section name: anidzile
                  Source: mZFmu1Xdn33jwBaBkyPP.exe.0.drStatic PE information: section name: .taggant
                  Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name:
                  Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name: .idata
                  Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name:
                  Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name: odpxvryq
                  Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name: anidzile
                  Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name: .taggant
                  Source: MSIUpdaterV131.exe.0.drStatic PE information: section name:
                  Source: MSIUpdaterV131.exe.0.drStatic PE information: section name: .idata
                  Source: MSIUpdaterV131.exe.0.drStatic PE information: section name:
                  Source: MSIUpdaterV131.exe.0.drStatic PE information: section name: odpxvryq
                  Source: MSIUpdaterV131.exe.0.drStatic PE information: section name: anidzile
                  Source: MSIUpdaterV131.exe.0.drStatic PE information: section name: .taggant
                  Source: plaza[1].exe.12.drStatic PE information: section name:
                  Source: plaza[1].exe.12.drStatic PE information: section name:
                  Source: plaza[1].exe.12.drStatic PE information: section name:
                  Source: plaza[1].exe.12.drStatic PE information: section name:
                  Source: plaza[1].exe.12.drStatic PE information: section name:
                  Source: plaza[1].exe.12.drStatic PE information: section name:
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: section name:
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: section name:
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: section name:
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: section name:
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: section name:
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: section name:
                  Source: ladas[1].exe.12.drStatic PE information: section name:
                  Source: ladas[1].exe.12.drStatic PE information: section name: .idata
                  Source: ladas[1].exe.12.drStatic PE information: section name:
                  Source: ladas[1].exe.12.drStatic PE information: section name: ewxuruvs
                  Source: ladas[1].exe.12.drStatic PE information: section name: oacrgbfp
                  Source: ladas[1].exe.12.drStatic PE information: section name: .taggant
                  Source: v1VZ6nGHGXr580lMFhVz.exe.12.drStatic PE information: section name:
                  Source: v1VZ6nGHGXr580lMFhVz.exe.12.drStatic PE information: section name: .idata
                  Source: v1VZ6nGHGXr580lMFhVz.exe.12.drStatic PE information: section name:
                  Source: v1VZ6nGHGXr580lMFhVz.exe.12.drStatic PE information: section name: ewxuruvs
                  Source: v1VZ6nGHGXr580lMFhVz.exe.12.drStatic PE information: section name: oacrgbfp
                  Source: v1VZ6nGHGXr580lMFhVz.exe.12.drStatic PE information: section name: .taggant
                  Source: amert[2].exe.12.drStatic PE information: section name:
                  Source: amert[2].exe.12.drStatic PE information: section name: .idata
                  Source: amert[2].exe.12.drStatic PE information: section name:
                  Source: amert[2].exe.12.drStatic PE information: section name: pnqzgoyr
                  Source: amert[2].exe.12.drStatic PE information: section name: xzseijod
                  Source: amert[2].exe.12.drStatic PE information: section name: .taggant
                  Source: CPgYvz9Aj0UjQFQxMO66.exe.12.drStatic PE information: section name:
                  Source: CPgYvz9Aj0UjQFQxMO66.exe.12.drStatic PE information: section name: .idata
                  Source: CPgYvz9Aj0UjQFQxMO66.exe.12.drStatic PE information: section name:
                  Source: CPgYvz9Aj0UjQFQxMO66.exe.12.drStatic PE information: section name: pnqzgoyr
                  Source: CPgYvz9Aj0UjQFQxMO66.exe.12.drStatic PE information: section name: xzseijod
                  Source: CPgYvz9Aj0UjQFQxMO66.exe.12.drStatic PE information: section name: .taggant
                  Source: niks[1].exe.12.drStatic PE information: section name:
                  Source: niks[1].exe.12.drStatic PE information: section name: .idata
                  Source: niks[1].exe.12.drStatic PE information: section name:
                  Source: niks[1].exe.12.drStatic PE information: section name: bszskcvh
                  Source: niks[1].exe.12.drStatic PE information: section name: qpnzysyi
                  Source: XVBRN46YoSEg_PLvB4Ku.exe.12.drStatic PE information: section name:
                  Source: XVBRN46YoSEg_PLvB4Ku.exe.12.drStatic PE information: section name: .idata
                  Source: XVBRN46YoSEg_PLvB4Ku.exe.12.drStatic PE information: section name:
                  Source: XVBRN46YoSEg_PLvB4Ku.exe.12.drStatic PE information: section name: bszskcvh
                  Source: XVBRN46YoSEg_PLvB4Ku.exe.12.drStatic PE information: section name: qpnzysyi
                  Source: gmpopenh264.dll.tmp.50.drStatic PE information: section name: .rodata
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00C3D638 push ecx; ret 0_2_00C3D64B
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_001CD638 push ecx; ret 11_2_001CD64B
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic PE information: section name: entropy: 7.986030065230696
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeStatic PE information: section name: jqngduam entropy: 7.951459786801299
                  Source: RageMP131.exe.0.drStatic PE information: section name: entropy: 7.986030065230696
                  Source: RageMP131.exe.0.drStatic PE information: section name: jqngduam entropy: 7.951459786801299
                  Source: MPGPH131.exe.0.drStatic PE information: section name: entropy: 7.986030065230696
                  Source: MPGPH131.exe.0.drStatic PE information: section name: jqngduam entropy: 7.951459786801299
                  Source: niks[1].exe.0.drStatic PE information: section name: entropy: 7.805848017695961
                  Source: niks[1].exe.0.drStatic PE information: section name: mevurvzu entropy: 7.952856695442597
                  Source: _WH7GEUgP5nY6c3Q4pig.exe.0.drStatic PE information: section name: entropy: 7.805848017695961
                  Source: _WH7GEUgP5nY6c3Q4pig.exe.0.drStatic PE information: section name: mevurvzu entropy: 7.952856695442597
                  Source: plaza[1].exe.0.drStatic PE information: section name: entropy: 7.999581718869073
                  Source: plaza[1].exe.0.drStatic PE information: section name: entropy: 7.995113372610183
                  Source: plaza[1].exe.0.drStatic PE information: section name: entropy: 7.328497434539265
                  Source: plaza[1].exe.0.drStatic PE information: section name: entropy: 7.980648969816646
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: section name: entropy: 7.999581718869073
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: section name: entropy: 7.995113372610183
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: section name: entropy: 7.328497434539265
                  Source: u1qcfpIk_jMf8TqxGWKO.exe.0.drStatic PE information: section name: entropy: 7.980648969816646
                  Source: ladas[1].exe.0.drStatic PE information: section name: entropy: 7.976158744882166
                  Source: ladas[1].exe.0.drStatic PE information: section name: ylraglyl entropy: 7.950770290151771
                  Source: NPpBaQ8mvtuVlc8hdwT4.exe.0.drStatic PE information: section name: entropy: 7.976158744882166
                  Source: NPpBaQ8mvtuVlc8hdwT4.exe.0.drStatic PE information: section name: ylraglyl entropy: 7.950770290151771
                  Source: EdgeMS131.exe.0.drStatic PE information: section name: entropy: 7.976674760074283
                  Source: EdgeMS131.exe.0.drStatic PE information: section name: odpxvryq entropy: 7.954198068208456
                  Source: amert[1].exe.0.drStatic PE information: section name: entropy: 7.976674760074283
                  Source: amert[1].exe.0.drStatic PE information: section name: odpxvryq entropy: 7.954198068208456
                  Source: mZFmu1Xdn33jwBaBkyPP.exe.0.drStatic PE information: section name: entropy: 7.976674760074283
                  Source: mZFmu1Xdn33jwBaBkyPP.exe.0.drStatic PE information: section name: odpxvryq entropy: 7.954198068208456
                  Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name: entropy: 7.976674760074283
                  Source: AdobeUpdaterV131.exe.0.drStatic PE information: section name: odpxvryq entropy: 7.954198068208456
                  Source: MSIUpdaterV131.exe.0.drStatic PE information: section name: entropy: 7.976674760074283
                  Source: MSIUpdaterV131.exe.0.drStatic PE information: section name: odpxvryq entropy: 7.954198068208456
                  Source: plaza[1].exe.12.drStatic PE information: section name: entropy: 7.999581718869073
                  Source: plaza[1].exe.12.drStatic PE information: section name: entropy: 7.995113372610183
                  Source: plaza[1].exe.12.drStatic PE information: section name: entropy: 7.328497434539265
                  Source: plaza[1].exe.12.drStatic PE information: section name: entropy: 7.980648969816646
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: section name: entropy: 7.999581718869073
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: section name: entropy: 7.995113372610183
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: section name: entropy: 7.328497434539265
                  Source: 5iIJTbdsN2MJtwDonh3p.exe.12.drStatic PE information: section name: entropy: 7.980648969816646
                  Source: ladas[1].exe.12.drStatic PE information: section name: entropy: 7.985420953011132
                  Source: ladas[1].exe.12.drStatic PE information: section name: ewxuruvs entropy: 7.950549239410205
                  Source: v1VZ6nGHGXr580lMFhVz.exe.12.drStatic PE information: section name: entropy: 7.985420953011132
                  Source: v1VZ6nGHGXr580lMFhVz.exe.12.drStatic PE information: section name: ewxuruvs entropy: 7.950549239410205
                  Source: amert[2].exe.12.drStatic PE information: section name: entropy: 7.982290211009022
                  Source: amert[2].exe.12.drStatic PE information: section name: pnqzgoyr entropy: 7.953496922723378
                  Source: CPgYvz9Aj0UjQFQxMO66.exe.12.drStatic PE information: section name: entropy: 7.982290211009022
                  Source: CPgYvz9Aj0UjQFQxMO66.exe.12.drStatic PE information: section name: pnqzgoyr entropy: 7.953496922723378
                  Source: niks[1].exe.12.drStatic PE information: section name: entropy: 7.8030157727727865
                  Source: niks[1].exe.12.drStatic PE information: section name: bszskcvh entropy: 7.9533057311707305
                  Source: XVBRN46YoSEg_PLvB4Ku.exe.12.drStatic PE information: section name: entropy: 7.8030157727727865
                  Source: XVBRN46YoSEg_PLvB4Ku.exe.12.drStatic PE information: section name: bszskcvh entropy: 7.9533057311707305
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\Users\user\AppData\Local\AdobeUpdaterV131\AdobeUpdaterV131.exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\Users\user\AppData\Local\Temp\EdgeMS131\EdgeMS131.exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\NPpBaQ8mvtuVlc8hdwT4.exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\amert[2].exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\u1qcfpIk_jMf8TqxGWKO.exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\fu[2].exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\plaza[1].exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\niks[1].exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\XVBRN46YoSEg_PLvB4Ku.exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\ProgramData\MPGPH131\MPGPH131.exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\fu[1].exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\x5MiuJIGTLsEg19UprNr.exeJump to dropped file
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll.tmpJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\_WH7GEUgP5nY6c3Q4pig.exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\plaza[1].exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\CPgYvz9Aj0UjQFQxMO66.exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\v1VZ6nGHGXr580lMFhVz.exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\5iIJTbdsN2MJtwDonh3p.exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\amert[1].exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\ladas[1].exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeJump to dropped file
                  Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll (copy)Jump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\ladas[1].exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\mZFmu1Xdn33jwBaBkyPP.exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\niks[1].exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\ProgramData\MPGPH131\MPGPH131.exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeJump to dropped file

                  Boot Survival

                  barindex
                  Creates multiple autostart registry keys
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RageMP131Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV131Jump to behavior
                  Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeWindow searched: window name: FilemonClassJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeWindow searched: window name: RegmonClassJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeWindow searched: window name: FilemonClassJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeWindow searched: window name: RegmonclassJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeWindow searched: window name: FilemonclassJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow searched: window name: FilemonClassJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow searched: window name: RegmonClassJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow searched: window name: FilemonClassJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow searched: window name: RegmonclassJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow searched: window name: FilemonclassJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow searched: window name: RegmonclassJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow searched: window name: FilemonClass
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow searched: window name: RegmonClass
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow searched: window name: FilemonClass
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow searched: window name: Regmonclass
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow searched: window name: Filemonclass
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeWindow searched: window name: FilemonClass
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeWindow searched: window name: RegmonClass
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeWindow searched: window name: FilemonClass
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeWindow searched: window name: Regmonclass
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeWindow searched: window name: Filemonclass
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeWindow searched: window name: FilemonClass
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeWindow searched: window name: RegmonClass
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeWindow searched: window name: FilemonClass
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeWindow searched: window name: Regmonclass
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeWindow searched: window name: Filemonclass
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeWindow searched: window name: Regmonclass
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeWindow searched: window name: FilemonClass
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeWindow searched: window name: RegmonClass
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeWindow searched: window name: FilemonClass
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                  Uses schtasks.exe or at.exe to add and modify task schedules
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS131.lnkJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS131.lnkJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RageMP131Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RageMP131Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV131Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV131Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  barindex
                  Tries to detect sandboxes / dynamic malware analysis system (registry check)
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                  Tries to detect virtualization through RDTSC time measurements
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000C9F847 second address: 0000000000C9F84B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000C9F84B second address: 0000000000C9F851 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000C9F851 second address: 0000000000C9F86A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF206Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007FDD2CDF206Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000C9F86A second address: 0000000000C9F86E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E05A17 second address: 0000000000E05A20 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E05A20 second address: 0000000000E05A26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E05A26 second address: 0000000000E05A39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FDD2CDF2066h 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E05A39 second address: 0000000000E05A3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E05A3D second address: 0000000000E05A41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E05A41 second address: 0000000000E05A4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E05A4D second address: 0000000000E05A51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E1659F second address: 0000000000E165DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FDD2CB6A5F6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007FDD2CB6A609h 0x00000016 je 00007FDD2CB6A5F6h 0x0000001c popad 0x0000001d pushad 0x0000001e push eax 0x0000001f pop eax 0x00000020 jnp 00007FDD2CB6A5F6h 0x00000026 push esi 0x00000027 pop esi 0x00000028 popad 0x00000029 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E165DC second address: 0000000000E165E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E165E2 second address: 0000000000E165E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E165E6 second address: 0000000000E165FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007FDD2CDF2066h 0x0000000d jns 00007FDD2CDF2066h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E165FB second address: 0000000000E16601 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E168A8 second address: 0000000000E168AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E168AC second address: 0000000000E168B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E168B2 second address: 0000000000E168C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jne 00007FDD2CDF2066h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E16A32 second address: 0000000000E16A38 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E16D05 second address: 0000000000E16D0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E19F1F second address: 0000000000E19F29 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FDD2CB6A5F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E19F29 second address: 0000000000E19F33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FDD2CDF2066h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E19F33 second address: 0000000000E19F5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push esi 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e pop esi 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jmp 00007FDD2CB6A5FDh 0x00000018 mov eax, dword ptr [eax] 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E19F5A second address: 0000000000E19F5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E19F5E second address: 0000000000E19FD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FDD2CB6A5FDh 0x0000000b popad 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 jnl 00007FDD2CB6A605h 0x00000016 pop eax 0x00000017 push 00000003h 0x00000019 adc si, 4DB1h 0x0000001e push 00000000h 0x00000020 mov esi, dword ptr [ebp+122D2AEEh] 0x00000026 push 00000003h 0x00000028 push 00000000h 0x0000002a push ecx 0x0000002b call 00007FDD2CB6A5F8h 0x00000030 pop ecx 0x00000031 mov dword ptr [esp+04h], ecx 0x00000035 add dword ptr [esp+04h], 0000001Ah 0x0000003d inc ecx 0x0000003e push ecx 0x0000003f ret 0x00000040 pop ecx 0x00000041 ret 0x00000042 mov dx, 0721h 0x00000046 push AABCB54Ah 0x0000004b push eax 0x0000004c push edx 0x0000004d pushad 0x0000004e jg 00007FDD2CB6A5F6h 0x00000054 pushad 0x00000055 popad 0x00000056 popad 0x00000057 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E19FD4 second address: 0000000000E1A01B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 6ABCB54Ah 0x0000000f mov dword ptr [ebp+122D22C6h], ebx 0x00000015 lea ebx, dword ptr [ebp+1244DDE9h] 0x0000001b jc 00007FDD2CDF206Ch 0x00000021 and edx, dword ptr [ebp+122D1EBEh] 0x00000027 xchg eax, ebx 0x00000028 pushad 0x00000029 pushad 0x0000002a pushad 0x0000002b popad 0x0000002c pushad 0x0000002d popad 0x0000002e popad 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007FDD2CDF2076h 0x00000036 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E1A01B second address: 0000000000E1A03A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A5FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jne 00007FDD2CB6A604h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E1A0D3 second address: 0000000000E1A131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 add dword ptr [esp], 120FF431h 0x0000000f mov dword ptr [ebp+122D32D5h], esi 0x00000015 push 00000003h 0x00000017 push 00000000h 0x00000019 push ecx 0x0000001a call 00007FDD2CDF2068h 0x0000001f pop ecx 0x00000020 mov dword ptr [esp+04h], ecx 0x00000024 add dword ptr [esp+04h], 0000001Bh 0x0000002c inc ecx 0x0000002d push ecx 0x0000002e ret 0x0000002f pop ecx 0x00000030 ret 0x00000031 mov edx, edi 0x00000033 mov dword ptr [ebp+122D1EB5h], edi 0x00000039 push 00000000h 0x0000003b movzx esi, ax 0x0000003e push 00000003h 0x00000040 mov ecx, dword ptr [ebp+122D278Ah] 0x00000046 push 832B85BCh 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e jc 00007FDD2CDF2066h 0x00000054 pop eax 0x00000055 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E1A1B5 second address: 0000000000E1A24E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop esi 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e mov ecx, 25177825h 0x00000013 push 00000000h 0x00000015 call 00007FDD2CB6A601h 0x0000001a mov dword ptr [ebp+122D17E0h], edx 0x00000020 pop edx 0x00000021 push E1619C34h 0x00000026 push ebx 0x00000027 jns 00007FDD2CB6A5F8h 0x0000002d pop ebx 0x0000002e add dword ptr [esp], 1E9E644Ch 0x00000035 mov esi, 2AFA4B9Bh 0x0000003a push 00000003h 0x0000003c mov esi, dword ptr [ebp+122D1DB8h] 0x00000042 push 00000000h 0x00000044 jnl 00007FDD2CB6A5FAh 0x0000004a push 00000003h 0x0000004c movzx edx, dx 0x0000004f mov dword ptr [ebp+122D1BEBh], eax 0x00000055 call 00007FDD2CB6A5F9h 0x0000005a jmp 00007FDD2CB6A5FAh 0x0000005f push eax 0x00000060 push eax 0x00000061 push edx 0x00000062 pushad 0x00000063 pushad 0x00000064 popad 0x00000065 jmp 00007FDD2CB6A608h 0x0000006a popad 0x0000006b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E1A24E second address: 0000000000E1A292 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jmp 00007FDD2CDF206Fh 0x00000011 mov eax, dword ptr [eax] 0x00000013 jng 00007FDD2CDF2075h 0x00000019 jmp 00007FDD2CDF206Fh 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 push eax 0x00000023 push edx 0x00000024 je 00007FDD2CDF206Ch 0x0000002a jl 00007FDD2CDF2066h 0x00000030 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E1A292 second address: 0000000000E1A29C instructions: 0x00000000 rdtsc 0x00000002 jp 00007FDD2CB6A5FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E2AB97 second address: 0000000000E2AB9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E37F41 second address: 0000000000E37F47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E380C0 second address: 0000000000E380C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E380C6 second address: 0000000000E380CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E380CA second address: 0000000000E380CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E3835A second address: 0000000000E38388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FDD2CB6A5F6h 0x0000000a popad 0x0000000b jne 00007FDD2CB6A613h 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E38388 second address: 0000000000E383AA instructions: 0x00000000 rdtsc 0x00000002 js 00007FDD2CDF206Eh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jc 00007FDD2CDF2066h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FDD2CDF2070h 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E383AA second address: 0000000000E383B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E38513 second address: 0000000000E3851E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E3851E second address: 0000000000E38522 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E386C4 second address: 0000000000E386C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E386C9 second address: 0000000000E3871D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FDD2CB6A5FFh 0x00000008 jmp 00007FDD2CB6A5FCh 0x0000000d pop edi 0x0000000e pushad 0x0000000f jc 00007FDD2CB6A5F6h 0x00000015 jmp 00007FDD2CB6A605h 0x0000001a jmp 00007FDD2CB6A607h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E3871D second address: 0000000000E3872E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jp 00007FDD2CDF20ABh 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E3872E second address: 0000000000E3874B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD2CB6A609h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E3874B second address: 0000000000E38751 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E38751 second address: 0000000000E3875F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007FDD2CB6A5F6h 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E30D0B second address: 0000000000E30D11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E38FCD second address: 0000000000E38FEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A602h 0x00000007 jno 00007FDD2CB6A5F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E38FEE second address: 0000000000E39002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD2CDF206Dh 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E39002 second address: 0000000000E39008 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E395DC second address: 0000000000E395E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E395E4 second address: 0000000000E395EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FDD2CB6A5F6h 0x0000000a popad 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E39A43 second address: 0000000000E39A58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD2CDF2071h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E39A58 second address: 0000000000E39A5E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E3C8EF second address: 0000000000E3C8F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E3CD13 second address: 0000000000E3CD27 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FDD2CB6A5F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E3CE9A second address: 0000000000E3CEBF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FDD2CDF2066h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FDD2CDF2079h 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E3CEBF second address: 0000000000E3CEC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E3E27E second address: 0000000000E3E289 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FDD2CDF2066h 0x0000000a popad 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E3E289 second address: 0000000000E3E29B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b jns 00007FDD2CB6A5F6h 0x00000011 pop eax 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E3E29B second address: 0000000000E3E2A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E46135 second address: 0000000000E4613D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E458C1 second address: 0000000000E458DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007FDD2CDF2073h 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E45D18 second address: 0000000000E45D1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E45EC2 second address: 0000000000E45EC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E46980 second address: 0000000000E46984 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E46C2F second address: 0000000000E46C46 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FDD2CDF206Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E46C46 second address: 0000000000E46C57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A5FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E46EFB second address: 0000000000E46F1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FDD2CDF2071h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jng 00007FDD2CDF207Bh 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 pop eax 0x00000018 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4702F second address: 0000000000E47040 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jo 00007FDD2CB6A5F6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E47040 second address: 0000000000E47045 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E47045 second address: 0000000000E4704B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E474CB second address: 0000000000E47532 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FDD2CDF206Ch 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007FDD2CDF206Bh 0x00000012 pushad 0x00000013 jmp 00007FDD2CDF2072h 0x00000018 jmp 00007FDD2CDF2073h 0x0000001d popad 0x0000001e popad 0x0000001f xchg eax, ebx 0x00000020 call 00007FDD2CDF2072h 0x00000025 sub esi, dword ptr [ebp+122D1B20h] 0x0000002b pop edi 0x0000002c push eax 0x0000002d pushad 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E47532 second address: 0000000000E47536 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E47536 second address: 0000000000E4753A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4753A second address: 0000000000E47544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E47544 second address: 0000000000E47548 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E47548 second address: 0000000000E4754C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E47A5E second address: 0000000000E47A82 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FDD2CDF2066h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FDD2CDF2078h 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E480BC second address: 0000000000E480CA instructions: 0x00000000 rdtsc 0x00000002 jne 00007FDD2CB6A5F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E480CA second address: 0000000000E480CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4A501 second address: 0000000000E4A512 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDD2CB6A5FDh 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4A512 second address: 0000000000E4A534 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FDD2CDF2076h 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4AF1E second address: 0000000000E4AF41 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A607h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007FDD2CB6A5FCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4AF41 second address: 0000000000E4AF8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a mov di, 66B6h 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007FDD2CDF2068h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 0000001Ah 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a mov esi, eax 0x0000002c push eax 0x0000002d push eax 0x0000002e pushad 0x0000002f jmp 00007FDD2CDF2075h 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4B93E second address: 0000000000E4B95D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c pushad 0x0000000d jmp 00007FDD2CB6A600h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4B95D second address: 0000000000E4B9C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 nop 0x00000007 and edi, 0635FC55h 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007FDD2CDF2068h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 mov edi, 3DB65E46h 0x0000002e sbb di, 6A60h 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push esi 0x00000038 call 00007FDD2CDF2068h 0x0000003d pop esi 0x0000003e mov dword ptr [esp+04h], esi 0x00000042 add dword ptr [esp+04h], 00000015h 0x0000004a inc esi 0x0000004b push esi 0x0000004c ret 0x0000004d pop esi 0x0000004e ret 0x0000004f push esi 0x00000050 add di, CEABh 0x00000055 pop esi 0x00000056 xchg eax, ebx 0x00000057 pushad 0x00000058 push edx 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4B752 second address: 0000000000E4B75C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FDD2CB6A5F6h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4B9C1 second address: 0000000000E4B9CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4B9CA second address: 0000000000E4B9CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4B9CE second address: 0000000000E4B9D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4C3CF second address: 0000000000E4C3D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4C3D5 second address: 0000000000E4C3D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4CBBE second address: 0000000000E4CBED instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FDD2CB6A5F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d jng 00007FDD2CB6A5F8h 0x00000013 pushad 0x00000014 jmp 00007FDD2CB6A607h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E502F5 second address: 0000000000E50364 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007FDD2CDF2068h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 call 00007FDD2CDF206Eh 0x00000028 mov dword ptr [ebp+1244E4E4h], edx 0x0000002e pop ebx 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push esi 0x00000034 call 00007FDD2CDF2068h 0x00000039 pop esi 0x0000003a mov dword ptr [esp+04h], esi 0x0000003e add dword ptr [esp+04h], 00000017h 0x00000046 inc esi 0x00000047 push esi 0x00000048 ret 0x00000049 pop esi 0x0000004a ret 0x0000004b push 00000000h 0x0000004d movzx ebx, cx 0x00000050 xchg eax, esi 0x00000051 push eax 0x00000052 push edx 0x00000053 jp 00007FDD2CDF206Ch 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E50364 second address: 0000000000E50368 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E50368 second address: 0000000000E50388 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FDD2CDF2070h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d je 00007FDD2CDF206Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5132C second address: 0000000000E513B9 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FDD2CB6A5FCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FDD2CB6A601h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ebp 0x00000014 call 00007FDD2CB6A5F8h 0x00000019 pop ebp 0x0000001a mov dword ptr [esp+04h], ebp 0x0000001e add dword ptr [esp+04h], 00000016h 0x00000026 inc ebp 0x00000027 push ebp 0x00000028 ret 0x00000029 pop ebp 0x0000002a ret 0x0000002b jmp 00007FDD2CB6A600h 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push esi 0x00000035 call 00007FDD2CB6A5F8h 0x0000003a pop esi 0x0000003b mov dword ptr [esp+04h], esi 0x0000003f add dword ptr [esp+04h], 00000018h 0x00000047 inc esi 0x00000048 push esi 0x00000049 ret 0x0000004a pop esi 0x0000004b ret 0x0000004c or edi, 03D2C4E9h 0x00000052 push 00000000h 0x00000054 mov dword ptr [ebp+122D1D69h], ecx 0x0000005a xchg eax, esi 0x0000005b pushad 0x0000005c pushad 0x0000005d push esi 0x0000005e pop esi 0x0000005f push eax 0x00000060 pop eax 0x00000061 popad 0x00000062 push eax 0x00000063 push edx 0x00000064 push edx 0x00000065 pop edx 0x00000066 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5150A second address: 0000000000E51510 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E558FF second address: 0000000000E55903 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E55903 second address: 0000000000E5590D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FDD2CDF2066h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5590D second address: 0000000000E55911 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E589EB second address: 0000000000E58A04 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007FDD2CDF206Ah 0x0000000c pop edx 0x0000000d popad 0x0000000e push eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E57A57 second address: 0000000000E57A5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E57A5D second address: 0000000000E57A61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E57A61 second address: 0000000000E57A97 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FDD2CB6A5F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007FDD2CB6A601h 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FDD2CB6A605h 0x0000001a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E56B7D second address: 0000000000E56B81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E56B81 second address: 0000000000E56B85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E56B85 second address: 0000000000E56B97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007FDD2CDF2068h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E58C22 second address: 0000000000E58C2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FDD2CB6A5F6h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5A8FA second address: 0000000000E5A90C instructions: 0x00000000 rdtsc 0x00000002 jc 00007FDD2CDF2068h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E58C2C second address: 0000000000E58C30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5A90C second address: 0000000000E5A91A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007FDD2CDF2066h 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5A91A second address: 0000000000E5A946 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 or edi, dword ptr [ebp+122D1C02h] 0x0000000e add bx, 63E4h 0x00000013 push 00000000h 0x00000015 jp 00007FDD2CB6A5F8h 0x0000001b mov ebx, esi 0x0000001d push 00000000h 0x0000001f mov dword ptr [ebp+122D1E7Ch], eax 0x00000025 xchg eax, esi 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a push ecx 0x0000002b pop ecx 0x0000002c rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5A946 second address: 0000000000E5A94C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5A94C second address: 0000000000E5A975 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A602h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d jmp 00007FDD2CB6A5FEh 0x00000012 pop ebx 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5B873 second address: 0000000000E5B887 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF2070h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5B887 second address: 0000000000E5B891 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FDD2CB6A5FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5B891 second address: 0000000000E5B8A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E59B09 second address: 0000000000E59B0F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E59B0F second address: 0000000000E59B19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FDD2CDF2066h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5E603 second address: 0000000000E5E611 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FDD2CB6A5F6h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5AAC7 second address: 0000000000E5AACB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5E611 second address: 0000000000E5E6AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007FDD2CB6A5F8h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 mov ebx, dword ptr [ebp+122D2E68h] 0x0000002b push 00000000h 0x0000002d call 00007FDD2CB6A607h 0x00000032 sub dword ptr [ebp+122D1E92h], ebx 0x00000038 pop ebx 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push ebp 0x0000003e call 00007FDD2CB6A5F8h 0x00000043 pop ebp 0x00000044 mov dword ptr [esp+04h], ebp 0x00000048 add dword ptr [esp+04h], 00000014h 0x00000050 inc ebp 0x00000051 push ebp 0x00000052 ret 0x00000053 pop ebp 0x00000054 ret 0x00000055 mov dword ptr [ebp+122D1F11h], ebx 0x0000005b push ecx 0x0000005c mov ebx, 301EB06Dh 0x00000061 pop edi 0x00000062 xchg eax, esi 0x00000063 push eax 0x00000064 push edx 0x00000065 jmp 00007FDD2CB6A608h 0x0000006a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5AB8E second address: 0000000000E5AB98 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FDD2CDF2066h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5AB98 second address: 0000000000E5ABA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FDD2CB6A5F6h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5ABA2 second address: 0000000000E5ABA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5ABA6 second address: 0000000000E5ABBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push edi 0x0000000d pop edi 0x0000000e jnl 00007FDD2CB6A5F6h 0x00000014 popad 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5ABBB second address: 0000000000E5ABD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDD2CDF2076h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5F6C3 second address: 0000000000E5F6E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A605h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FDD2CB6A5FCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5F6E4 second address: 0000000000E5F6F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007FDD2CDF2066h 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5F6F4 second address: 0000000000E5F6FE instructions: 0x00000000 rdtsc 0x00000002 jp 00007FDD2CB6A5F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E607C7 second address: 0000000000E607CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5BADC second address: 0000000000E5BAE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E607CC second address: 0000000000E607F6 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FDD2CDF206Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e jmp 00007FDD2CDF2075h 0x00000013 pop ecx 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E607F6 second address: 0000000000E607FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5C949 second address: 0000000000E5C966 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FDD2CDF2078h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5CA15 second address: 0000000000E5CA1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5CA1C second address: 0000000000E5CA45 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FDD2CDF2068h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007FDD2CDF207Ah 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E5D8D6 second address: 0000000000E5D90C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FDD2CB6A608h 0x0000000c jmp 00007FDD2CB6A5FFh 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push esi 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E682F1 second address: 0000000000E682F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E682F5 second address: 0000000000E682F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E68430 second address: 0000000000E68434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E68434 second address: 0000000000E6844D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FDD2CB6A5FFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E6844D second address: 0000000000E68451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E685CB second address: 0000000000E685D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E685D4 second address: 0000000000E685FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF2070h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FDD2CDF206Bh 0x00000016 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E685FB second address: 0000000000E685FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E6C9F6 second address: 0000000000E6C9FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E6CA95 second address: 0000000000E6CA9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E72766 second address: 0000000000E7276A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E72FEB second address: 0000000000E72FF3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E73309 second address: 0000000000E73317 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E73317 second address: 0000000000E7331B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E7331B second address: 0000000000E73323 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E735EB second address: 0000000000E735F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E783A0 second address: 0000000000E783C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 jbe 00007FDD2CDF2066h 0x0000000e popad 0x0000000f pop edx 0x00000010 jp 00007FDD2CDF2082h 0x00000016 push ecx 0x00000017 push edx 0x00000018 pop edx 0x00000019 pop ecx 0x0000001a push eax 0x0000001b push edx 0x0000001c jc 00007FDD2CDF2066h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E783C4 second address: 0000000000E783C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E784E8 second address: 0000000000E784EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E784EC second address: 0000000000E7850D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FDD2CB6A5F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jc 00007FDD2CB6A5F6h 0x00000013 push edx 0x00000014 pop edx 0x00000015 pop edx 0x00000016 popad 0x00000017 pushad 0x00000018 pushad 0x00000019 jne 00007FDD2CB6A5F6h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E7850D second address: 0000000000E7851A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007FDD2CDF2066h 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E7851A second address: 0000000000E7851E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E7851E second address: 0000000000E7852B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E78954 second address: 0000000000E7895A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E7895A second address: 0000000000E7896D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FDD2CDF206Bh 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E7896D second address: 0000000000E78977 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FDD2CB6A5F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E78977 second address: 0000000000E7897D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E7897D second address: 0000000000E789BF instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FDD2CB6A613h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FDD2CB6A609h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E789BF second address: 0000000000E789CC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E789CC second address: 0000000000E789D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FDD2CB6A5F6h 0x0000000a pop edi 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E78B37 second address: 0000000000E78B61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF2076h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FDD2CDF2070h 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E78B61 second address: 0000000000E78B7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 jbe 00007FDD2CB6A5F6h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FDD2CB6A5FCh 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E78B7F second address: 0000000000E78B89 instructions: 0x00000000 rdtsc 0x00000002 js 00007FDD2CDF2072h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E77A81 second address: 0000000000E77ACF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD2CB6A607h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c push ecx 0x0000000d jl 00007FDD2CB6A5F6h 0x00000013 jmp 00007FDD2CB6A607h 0x00000018 pop ecx 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FDD2CB6A5FCh 0x00000023 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E77ACF second address: 0000000000E77ADD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007FDD2CDF2066h 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E77ADD second address: 0000000000E77AF4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A5FDh 0x00000007 jnc 00007FDD2CB6A5F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E81F2C second address: 0000000000E81F6E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF2073h 0x00000007 jmp 00007FDD2CDF2075h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FDD2CDF2074h 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E81F6E second address: 0000000000E81F7C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007FDD2CB6A5F6h 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E81F7C second address: 0000000000E81F80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E80D74 second address: 0000000000E80D8F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FDD2CB6A600h 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E80D8F second address: 0000000000E80DA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FDD2CDF2072h 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E80DA9 second address: 0000000000E80DAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E80DAE second address: 0000000000E80DB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E80DB4 second address: 0000000000E80DBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E80DBA second address: 0000000000E80DC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E80DC3 second address: 0000000000E80DC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4DF66 second address: 0000000000E4DF70 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FDD2CDF206Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4DF70 second address: 0000000000E4DF7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c pop esi 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4DF7D second address: 0000000000E4DF88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FDD2CDF2066h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4DF88 second address: 0000000000E30D0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 cld 0x00000009 call dword ptr [ebp+1244E346h] 0x0000000f pushad 0x00000010 jnl 00007FDD2CB6A5FAh 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4E3AA second address: 0000000000E4E3AF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4E3AF second address: 0000000000C9F847 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a xor edx, 16967B3Ah 0x00000010 push dword ptr [ebp+122D00F9h] 0x00000016 xor ecx, 619A9F6Dh 0x0000001c call dword ptr [ebp+122D1DCAh] 0x00000022 pushad 0x00000023 add dword ptr [ebp+122D20F5h], ebx 0x00000029 pushad 0x0000002a mov bx, 9DDEh 0x0000002e jmp 00007FDD2CB6A5FAh 0x00000033 popad 0x00000034 xor eax, eax 0x00000036 jmp 00007FDD2CB6A607h 0x0000003b pushad 0x0000003c mov dl, 1Bh 0x0000003e mov edi, esi 0x00000040 popad 0x00000041 mov edx, dword ptr [esp+28h] 0x00000045 add dword ptr [ebp+122D1F1Ch], edx 0x0000004b mov dword ptr [ebp+122D27BEh], eax 0x00000051 cld 0x00000052 pushad 0x00000053 add dh, FFFFFFDDh 0x00000056 add esi, 192940E2h 0x0000005c popad 0x0000005d mov esi, 0000003Ch 0x00000062 stc 0x00000063 add esi, dword ptr [esp+24h] 0x00000067 sub dword ptr [ebp+122D20F5h], edi 0x0000006d lodsw 0x0000006f mov dword ptr [ebp+122D1BDEh], ecx 0x00000075 add eax, dword ptr [esp+24h] 0x00000079 cmc 0x0000007a mov ebx, dword ptr [esp+24h] 0x0000007e cld 0x0000007f nop 0x00000080 push eax 0x00000081 push edx 0x00000082 push eax 0x00000083 push edx 0x00000084 push eax 0x00000085 push edx 0x00000086 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4E5C5 second address: 0000000000E4E5CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4E892 second address: 0000000000E4E898 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4EF9F second address: 0000000000E4EFA4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4F025 second address: 0000000000E4F029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4F029 second address: 0000000000E4F02D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4F02D second address: 0000000000E4F033 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4F033 second address: 0000000000E4F038 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4F038 second address: 0000000000E4F057 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FDD2CB6A603h 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4F057 second address: 0000000000E4F05C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4F05C second address: 0000000000E4F0B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 mov edx, 6FD9F6F7h 0x0000000d lea eax, dword ptr [ebp+12481CD8h] 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007FDD2CB6A5F8h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 0000001Ah 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d pushad 0x0000002e jnl 00007FDD2CB6A5FBh 0x00000034 add esi, dword ptr [ebp+122DB3E8h] 0x0000003a popad 0x0000003b push eax 0x0000003c jc 00007FDD2CB6A602h 0x00000042 jc 00007FDD2CB6A5FCh 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4F0B3 second address: 0000000000E4F101 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dword ptr [esp], eax 0x00000007 mov dword ptr [ebp+1245FB9Bh], ebx 0x0000000d lea eax, dword ptr [ebp+12481C94h] 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007FDD2CDF2068h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 0000001Ah 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d mov dh, 97h 0x0000002f jl 00007FDD2CDF206Ch 0x00000035 mov dword ptr [ebp+122D1AA5h], esi 0x0000003b push eax 0x0000003c pushad 0x0000003d pushad 0x0000003e jc 00007FDD2CDF2066h 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4F101 second address: 0000000000E31821 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FDD2CB6A607h 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007FDD2CB6A5F8h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 00000018h 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 xor cx, 9E36h 0x0000002d xor ecx, 4CCEED5Ah 0x00000033 call dword ptr [ebp+122D331Ah] 0x00000039 je 00007FDD2CB6A5FEh 0x0000003f jl 00007FDD2CB6A5F8h 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007FDD2CB6A5FEh 0x0000004c push esi 0x0000004d jmp 00007FDD2CB6A603h 0x00000052 pop esi 0x00000053 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E8138A second address: 0000000000E813B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF2073h 0x00000007 jno 00007FDD2CDF2066h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E813B2 second address: 0000000000E813DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007FDD2CB6A60Eh 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E8168E second address: 0000000000E81694 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E81694 second address: 0000000000E8169A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E8169A second address: 0000000000E816B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pushad 0x00000007 jmp 00007FDD2CDF206Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E816B1 second address: 0000000000E816B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E816B7 second address: 0000000000E816BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E8198E second address: 0000000000E819B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD2CB6A608h 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jnp 00007FDD2CB6A5F6h 0x00000012 popad 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E81B32 second address: 0000000000E81B36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E84C6D second address: 0000000000E84C71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E89243 second address: 0000000000E89269 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF2073h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007FDD2CDF2066h 0x00000012 jg 00007FDD2CDF2066h 0x00000018 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E89269 second address: 0000000000E8926D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E893DA second address: 0000000000E893E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E893E0 second address: 0000000000E893E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E897FC second address: 0000000000E89802 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E89802 second address: 0000000000E8980C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E8980C second address: 0000000000E89811 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E89811 second address: 0000000000E8981C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jne 00007FDD2CB6A5F6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E8981C second address: 0000000000E89825 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E88F4A second address: 0000000000E88F7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007FDD2CB6A608h 0x0000000c push edx 0x0000000d pop edx 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jmp 00007FDD2CB6A5FDh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E88F7F second address: 0000000000E88F89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E8D382 second address: 0000000000E8D386 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E8D386 second address: 0000000000E8D38C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E8D38C second address: 0000000000E8D39A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FDD2CB6A5F8h 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E8D39A second address: 0000000000E8D3C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push esi 0x00000006 pop esi 0x00000007 jg 00007FDD2CDF2066h 0x0000000d jmp 00007FDD2CDF2078h 0x00000012 popad 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E0C480 second address: 0000000000E0C484 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E0C484 second address: 0000000000E0C4B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF2071h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jng 00007FDD2CDF2066h 0x00000010 jmp 00007FDD2CDF206Ah 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jne 00007FDD2CDF2066h 0x0000001e rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E8CF2B second address: 0000000000E8CF34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E8FF82 second address: 0000000000E8FF8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E8FF8B second address: 0000000000E8FF8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E96A26 second address: 0000000000E96A2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E956F9 second address: 0000000000E956FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E959B9 second address: 0000000000E959DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FDD2CDF2071h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jns 00007FDD2CDF2066h 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E959DA second address: 0000000000E95A24 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FDD2CB6A5F6h 0x00000008 jmp 00007FDD2CB6A608h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007FDD2CB6A605h 0x00000015 jmp 00007FDD2CB6A601h 0x0000001a popad 0x0000001b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E95A24 second address: 0000000000E95A29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4EAF5 second address: 0000000000E4EAFA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E9A950 second address: 0000000000E9A954 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E9A954 second address: 0000000000E9A95C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E9AC21 second address: 0000000000E9AC2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E9AC2C second address: 0000000000E9AC41 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FDD2CB6A5FBh 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E9ADAE second address: 0000000000E9ADBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007FDD2CDF2066h 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E9ADBD second address: 0000000000E9ADC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E9E2E3 second address: 0000000000E9E2F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF206Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E9E2F4 second address: 0000000000E9E301 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E9E301 second address: 0000000000E9E307 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E9DA6B second address: 0000000000E9DA85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FDD2CB6A5F6h 0x0000000a jbe 00007FDD2CB6A5FAh 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E9DA85 second address: 0000000000E9DA89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E9DA89 second address: 0000000000E9DA8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E9DD0E second address: 0000000000E9DD14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E9DD14 second address: 0000000000E9DD2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A603h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E9DD2E second address: 0000000000E9DD34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E9DD34 second address: 0000000000E9DD3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E9DD3A second address: 0000000000E9DD3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA4623 second address: 0000000000EA4679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FDD2CB6A5F6h 0x0000000a pop ebx 0x0000000b pop ebx 0x0000000c pushad 0x0000000d jmp 00007FDD2CB6A601h 0x00000012 jmp 00007FDD2CB6A607h 0x00000017 jmp 00007FDD2CB6A608h 0x0000001c pushad 0x0000001d ja 00007FDD2CB6A5F6h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA47EE second address: 0000000000EA47F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA4962 second address: 0000000000EA497A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A604h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA497A second address: 0000000000EA498A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF206Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA498A second address: 0000000000EA4990 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA4990 second address: 0000000000EA4994 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA4994 second address: 0000000000EA499A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E4DF0B second address: 0000000000E4DF66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jng 00007FDD2CDF206Eh 0x0000000d nop 0x0000000e mov cx, ax 0x00000011 lea eax, dword ptr [ebp+12481C94h] 0x00000017 push 00000000h 0x00000019 push eax 0x0000001a call 00007FDD2CDF2068h 0x0000001f pop eax 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 add dword ptr [esp+04h], 0000001Ah 0x0000002c inc eax 0x0000002d push eax 0x0000002e ret 0x0000002f pop eax 0x00000030 ret 0x00000031 jp 00007FDD2CDF2073h 0x00000037 nop 0x00000038 push eax 0x00000039 push edx 0x0000003a push ecx 0x0000003b push edi 0x0000003c pop edi 0x0000003d pop ecx 0x0000003e rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA5159 second address: 0000000000EA515D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA576F second address: 0000000000EA5784 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF206Fh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA5784 second address: 0000000000EA578C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA578C second address: 0000000000EA5790 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA5790 second address: 0000000000EA57A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A601h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA5A56 second address: 0000000000EA5A60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FDD2CDF2066h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA5A60 second address: 0000000000EA5A66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EAA36A second address: 0000000000EAA370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EAA370 second address: 0000000000EAA379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EAA379 second address: 0000000000EAA37F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EAA37F second address: 0000000000EAA3A9 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FDD2CB6A5F6h 0x00000008 jmp 00007FDD2CB6A606h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop esi 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 jno 00007FDD2CB6A5F6h 0x00000019 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA96EC second address: 0000000000EA96F6 instructions: 0x00000000 rdtsc 0x00000002 js 00007FDD2CDF206Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA982F second address: 0000000000EA9866 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FDD2CB6A604h 0x0000000f jmp 00007FDD2CB6A609h 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA9866 second address: 0000000000EA986A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EA9C38 second address: 0000000000EA9C3D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EAA012 second address: 0000000000EAA016 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EB1CE9 second address: 0000000000EB1CFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 jc 00007FDD2CB6A5F6h 0x0000000e pop edx 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EB1CFF second address: 0000000000EB1D03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EB9A1B second address: 0000000000EB9A1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EB9A1F second address: 0000000000EB9A23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EB7D40 second address: 0000000000EB7D44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EB81EA second address: 0000000000EB81FA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FDD2CDF206Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EB81FA second address: 0000000000EB8230 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FDD2CB6A5FAh 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FDD2CB6A607h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FDD2CB6A5FCh 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EB879B second address: 0000000000EB87A5 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FDD2CDF2066h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EB772F second address: 0000000000EB773D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FDD2CB6A5F6h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EB773D second address: 0000000000EB7755 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jnp 00007FDD2CDF206Eh 0x0000000b push eax 0x0000000c pop eax 0x0000000d jnc 00007FDD2CDF2066h 0x00000013 push edi 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EC0877 second address: 0000000000EC0896 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A601h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007FDD2CB6A5FAh 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EC0896 second address: 0000000000EC089B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EC8A16 second address: 0000000000EC8A1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E114D9 second address: 0000000000E114E3 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FDD2CDF2066h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E114E3 second address: 0000000000E114E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E114E9 second address: 0000000000E114F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E114F0 second address: 0000000000E114FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000E114FB second address: 0000000000E11501 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000ED5585 second address: 0000000000ED5595 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jbe 00007FDD2CB6A5FAh 0x0000000c pushad 0x0000000d popad 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000ED5595 second address: 0000000000ED559B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000ED559B second address: 0000000000ED559F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000ED559F second address: 0000000000ED55C6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b jmp 00007FDD2CDF2079h 0x00000010 pushad 0x00000011 popad 0x00000012 pop esi 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000ED55C6 second address: 0000000000ED55CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000ED50A8 second address: 0000000000ED50AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000ED50AC second address: 0000000000ED50B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000ED50B6 second address: 0000000000ED50C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FDD2CDF2066h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000ED50C0 second address: 0000000000ED5119 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FDD2CB6A5F6h 0x00000008 jp 00007FDD2CB6A5F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 pushad 0x00000012 jnl 00007FDD2CB6A5F6h 0x00000018 jmp 00007FDD2CB6A5FFh 0x0000001d pushad 0x0000001e popad 0x0000001f js 00007FDD2CB6A5F6h 0x00000025 popad 0x00000026 push ecx 0x00000027 jmp 00007FDD2CB6A609h 0x0000002c pop ecx 0x0000002d jp 00007FDD2CB6A5F8h 0x00000033 pushad 0x00000034 popad 0x00000035 push eax 0x00000036 push edx 0x00000037 push edx 0x00000038 pop edx 0x00000039 pushad 0x0000003a popad 0x0000003b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000ED5281 second address: 0000000000ED5287 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EDE62B second address: 0000000000EDE645 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 je 00007FDD2CB6A5F6h 0x00000009 pop edx 0x0000000a jmp 00007FDD2CB6A5FAh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push edi 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EE2B05 second address: 0000000000EE2B23 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF206Fh 0x00000007 pushad 0x00000008 jnl 00007FDD2CDF2066h 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EEA18A second address: 0000000000EEA197 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jnc 00007FDD2CB6A5F6h 0x0000000c popad 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EEA463 second address: 0000000000EEA467 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EEA467 second address: 0000000000EEA490 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007FDD2CB6A60Ch 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EEA490 second address: 0000000000EEA4A6 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FDD2CDF206Ch 0x00000008 ja 00007FDD2CDF2072h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EEA8E7 second address: 0000000000EEA90A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007FDD2CB6A600h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 jc 00007FDD2CB6A5FCh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EEA90A second address: 0000000000EEA91F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FDD2CDF206Fh 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EEAC0A second address: 0000000000EEAC0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EF2ABC second address: 0000000000EF2AC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EF2AC7 second address: 0000000000EF2ACD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000EF2ACD second address: 0000000000EF2AD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F071CC second address: 0000000000F071D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F071D2 second address: 0000000000F07203 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 ja 00007FDD2CDF208Ah 0x0000000d rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F12CD8 second address: 0000000000F12CE9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007FDD2CB6A5F6h 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F12CE9 second address: 0000000000F12CF8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF206Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F12CF8 second address: 0000000000F12D10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FDD2CB6A602h 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F14C26 second address: 0000000000F14C2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F3C708 second address: 0000000000F3C71B instructions: 0x00000000 rdtsc 0x00000002 jne 00007FDD2CB6A5F6h 0x00000008 jng 00007FDD2CB6A5F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F3C004 second address: 0000000000F3C015 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnp 00007FDD2CDF2066h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F3DF0C second address: 0000000000F3DF18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push edx 0x0000000a pop edx 0x0000000b pop edx 0x0000000c rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F3DF18 second address: 0000000000F3DF1D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F3DF1D second address: 0000000000F3DF23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F3DF23 second address: 0000000000F3DF2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F3DF2C second address: 0000000000F3DF36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FDD2CB6A5F6h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F3DF36 second address: 0000000000F3DF4D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FDD2CDF2066h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 jns 00007FDD2CDF2066h 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F3DF4D second address: 0000000000F3DF58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F3DF58 second address: 0000000000F3DF60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F3DF60 second address: 0000000000F3DF68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F3DF68 second address: 0000000000F3DF74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FDD2CDF2066h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F3DD84 second address: 0000000000F3DD9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A5FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007FDD2CB6A5F6h 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F3DD9C second address: 0000000000F3DDC1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FDD2CDF2066h 0x00000010 jmp 00007FDD2CDF2075h 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F3DDC1 second address: 0000000000F3DDD5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A600h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F41FB4 second address: 0000000000F41FBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F421D4 second address: 0000000000F4220E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e mov edx, dword ptr [ebp+122D2230h] 0x00000014 jmp 00007FDD2CB6A601h 0x00000019 push 00000004h 0x0000001b movzx edx, ax 0x0000001e mov edx, eax 0x00000020 call 00007FDD2CB6A5F9h 0x00000025 push edi 0x00000026 push eax 0x00000027 push edx 0x00000028 push ebx 0x00000029 pop ebx 0x0000002a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F4220E second address: 0000000000F4222E instructions: 0x00000000 rdtsc 0x00000002 ja 00007FDD2CDF2066h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FDD2CDF2072h 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F4222E second address: 0000000000F42238 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FDD2CB6A5F6h 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F42238 second address: 0000000000F42282 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FDD2CDF2066h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push esi 0x00000011 push ebx 0x00000012 pushad 0x00000013 popad 0x00000014 pop ebx 0x00000015 pop esi 0x00000016 mov eax, dword ptr [eax] 0x00000018 jne 00007FDD2CDF2084h 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 ja 00007FDD2CDF2066h 0x0000002c rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F42282 second address: 0000000000F42288 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F4255C second address: 0000000000F42560 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000000F43AA5 second address: 0000000000F43ABD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD2CB6A604h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054B0684 second address: 00000000054B0694 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDD2CDF206Ch 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054B0694 second address: 00000000054B0698 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054B0698 second address: 00000000054B06A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov cx, dx 0x0000000f popad 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054B06A8 second address: 00000000054B06AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054B06AE second address: 00000000054B06B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054B06B2 second address: 00000000054B06C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov dx, 4886h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054B06C4 second address: 00000000054B06C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054B06C9 second address: 00000000054B06F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A5FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FDD2CB6A607h 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054B06F2 second address: 00000000054B06F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005490112 second address: 0000000005490153 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edx 0x00000005 pushfd 0x00000006 jmp 00007FDD2CB6A5FBh 0x0000000b adc si, FF8Eh 0x00000010 jmp 00007FDD2CB6A609h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d mov si, CA69h 0x00000021 mov esi, 28AFA425h 0x00000026 popad 0x00000027 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005490153 second address: 0000000005490159 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005490159 second address: 000000000549015D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 000000000549015D second address: 0000000005490175 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FDD2CDF206Bh 0x00000012 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005490175 second address: 0000000005490179 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005490179 second address: 000000000549017F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 000000000549017F second address: 0000000005490185 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005490185 second address: 0000000005490189 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005490189 second address: 00000000054901C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FDD2CB6A608h 0x00000011 adc ax, 56C8h 0x00000016 jmp 00007FDD2CB6A5FBh 0x0000001b popfd 0x0000001c mov edx, ecx 0x0000001e popad 0x0000001f pop ebp 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054901C8 second address: 00000000054901CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054901CC second address: 00000000054901D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054901D2 second address: 00000000054901D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054901D8 second address: 00000000054901DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0496 second address: 00000000054F0517 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, cx 0x00000006 mov bx, si 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebp 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FDD2CDF2072h 0x00000014 sub ecx, 3E4C6938h 0x0000001a jmp 00007FDD2CDF206Bh 0x0000001f popfd 0x00000020 push esi 0x00000021 movsx edx, cx 0x00000024 pop eax 0x00000025 popad 0x00000026 push eax 0x00000027 jmp 00007FDD2CDF206Eh 0x0000002c xchg eax, ebp 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 push edx 0x00000031 pop esi 0x00000032 pushfd 0x00000033 jmp 00007FDD2CDF2079h 0x00000038 adc ecx, 5AF30136h 0x0000003e jmp 00007FDD2CDF2071h 0x00000043 popfd 0x00000044 popad 0x00000045 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005480C7C second address: 0000000005480C92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A5FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005480C92 second address: 0000000005480C96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005480C96 second address: 0000000005480CB1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A607h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005480CB1 second address: 0000000005480CC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDD2CDF2074h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005480CC9 second address: 0000000005480CCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005480CCD second address: 0000000005480D27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FDD2CDF206Eh 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FDD2CDF206Eh 0x00000016 sub eax, 59E26908h 0x0000001c jmp 00007FDD2CDF206Bh 0x00000021 popfd 0x00000022 mov edx, eax 0x00000024 popad 0x00000025 mov ebp, esp 0x00000027 jmp 00007FDD2CDF2072h 0x0000002c push dword ptr [ebp+04h] 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 popad 0x00000035 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005480D27 second address: 0000000005480D2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0260 second address: 00000000054F0264 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0264 second address: 00000000054F026A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F026A second address: 00000000054F0280 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDD2CDF2072h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0CC9 second address: 00000000054C0CD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov al, dh 0x00000006 popad 0x00000007 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 000000000551015D second address: 0000000005510163 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005510163 second address: 0000000005510167 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005510167 second address: 000000000551016B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 000000000551016B second address: 00000000055101C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FDD2CB6A5FDh 0x00000011 and ax, 04C6h 0x00000016 jmp 00007FDD2CB6A601h 0x0000001b popfd 0x0000001c pushfd 0x0000001d jmp 00007FDD2CB6A600h 0x00000022 xor ax, 8568h 0x00000027 jmp 00007FDD2CB6A5FBh 0x0000002c popfd 0x0000002d popad 0x0000002e pop ebp 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000055101C5 second address: 00000000055101C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000055101C9 second address: 00000000055101CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000055101CF second address: 00000000055101D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000055101D5 second address: 00000000055101D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0AB0 second address: 00000000054F0AE4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FDD2CDF2077h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FDD2CDF2074h 0x00000013 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0AE4 second address: 00000000054F0AE9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0AE9 second address: 00000000054F0AFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bx, BF72h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0AFA second address: 00000000054F0B02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov di, cx 0x00000007 popad 0x00000008 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 000000000549047C second address: 000000000549048B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF206Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 000000000549048B second address: 0000000005490491 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005490491 second address: 00000000054904E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF206Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d mov ah, dl 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FDD2CDF206Eh 0x00000016 xor si, C718h 0x0000001b jmp 00007FDD2CDF206Bh 0x00000020 popfd 0x00000021 mov eax, 32641ECFh 0x00000026 popad 0x00000027 popad 0x00000028 xchg eax, ebp 0x00000029 jmp 00007FDD2CDF2072h 0x0000002e mov ebp, esp 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 popad 0x00000036 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054904E9 second address: 00000000054904ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054904ED second address: 00000000054904F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054904F3 second address: 00000000054904F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054904F9 second address: 00000000054904FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054904FD second address: 0000000005490501 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F02C8 second address: 00000000054F02CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F02CE second address: 00000000054F02F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A5FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FDD2CB6A607h 0x00000011 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F02F6 second address: 00000000054F02FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F02FC second address: 00000000054F0300 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0300 second address: 00000000054F033F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FDD2CDF206Eh 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FDD2CDF206Eh 0x00000016 sub cl, 00000078h 0x00000019 jmp 00007FDD2CDF206Bh 0x0000001e popfd 0x0000001f popad 0x00000020 mov ebp, esp 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F033F second address: 00000000054F0363 instructions: 0x00000000 rdtsc 0x00000002 mov dx, BFF2h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a call 00007FDD2CB6A609h 0x0000000f pop ecx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0868 second address: 00000000054F0885 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF2079h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0885 second address: 00000000054F0923 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A601h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FDD2CB6A607h 0x00000011 xor eax, 152D1F6Eh 0x00000017 jmp 00007FDD2CB6A609h 0x0000001c popfd 0x0000001d popad 0x0000001e xchg eax, ebp 0x0000001f pushad 0x00000020 mov esi, 497FC7EFh 0x00000025 pushad 0x00000026 call 00007FDD2CB6A602h 0x0000002b pop esi 0x0000002c pushfd 0x0000002d jmp 00007FDD2CB6A5FBh 0x00000032 add al, 0000002Eh 0x00000035 jmp 00007FDD2CB6A609h 0x0000003a popfd 0x0000003b popad 0x0000003c popad 0x0000003d mov ebp, esp 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0923 second address: 00000000054F0927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0927 second address: 00000000054F092D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F092D second address: 00000000054F0933 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0933 second address: 00000000054F0937 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0937 second address: 00000000054F096B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c mov al, 5Bh 0x0000000e jmp 00007FDD2CDF206Bh 0x00000013 popad 0x00000014 and dword ptr [eax], 00000000h 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FDD2CDF2075h 0x0000001e rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F096B second address: 00000000054F097B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDD2CB6A5FCh 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0B5C second address: 00000000054C0B60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0B60 second address: 00000000054C0B64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0B64 second address: 00000000054C0B6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0B6A second address: 00000000054C0B8A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FDD2CB6A600h 0x00000008 pop eax 0x00000009 mov dh, F6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0B8A second address: 00000000054C0B8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0B8E second address: 00000000054C0B94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0B94 second address: 00000000054C0BC7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, ecx 0x00000005 mov esi, 21255B3Fh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jmp 00007FDD2CDF2075h 0x00000013 xchg eax, ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FDD2CDF206Dh 0x0000001b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0BC7 second address: 00000000054C0BCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0BCD second address: 00000000054C0BD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0BD1 second address: 00000000054C0C03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A603h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FDD2CB6A605h 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0C03 second address: 00000000054C0C5B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FDD2CDF2077h 0x00000009 and si, E02Eh 0x0000000e jmp 00007FDD2CDF2079h 0x00000013 popfd 0x00000014 mov ah, AAh 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pop ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FDD2CDF2076h 0x00000021 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0BAF second address: 00000000054F0BD0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A5FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FDD2CB6A5FBh 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 mov bx, cx 0x00000016 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054A0A54 second address: 00000000054A0A58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054A0A58 second address: 00000000054A0AA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007FDD2CB6A604h 0x0000000c jmp 00007FDD2CB6A605h 0x00000011 popfd 0x00000012 popad 0x00000013 xchg eax, ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FDD2CB6A608h 0x0000001d rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054A0AA7 second address: 00000000054A0AAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054A0AAB second address: 00000000054A0AB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054A0AB1 second address: 00000000054A0AB6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054A0AB6 second address: 00000000054A0AC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov edx, esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054A0AC6 second address: 00000000054A0ACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054A0ACA second address: 00000000054A0ACE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054A0ACE second address: 00000000054A0AD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054A0AD4 second address: 00000000054A0ADA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054A0ADA second address: 00000000054A0AEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov esi, 3CA8A639h 0x00000011 push ecx 0x00000012 pop edi 0x00000013 popad 0x00000014 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005500A1A second address: 0000000005500A1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005500A1E second address: 0000000005500A38 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF2076h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005500A38 second address: 0000000005500AA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FDD2CB6A601h 0x00000009 xor ecx, 33C55EE6h 0x0000000f jmp 00007FDD2CB6A601h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FDD2CB6A600h 0x0000001b jmp 00007FDD2CB6A605h 0x00000020 popfd 0x00000021 popad 0x00000022 pop edx 0x00000023 pop eax 0x00000024 mov ebp, esp 0x00000026 jmp 00007FDD2CB6A5FEh 0x0000002b xchg eax, ecx 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f mov eax, ebx 0x00000031 pushad 0x00000032 popad 0x00000033 popad 0x00000034 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005500AA8 second address: 0000000005500AAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005500AAE second address: 0000000005500AB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005500AB2 second address: 0000000005500B22 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF206Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FDD2CDF206Bh 0x00000011 xchg eax, ecx 0x00000012 jmp 00007FDD2CDF2076h 0x00000017 mov eax, dword ptr [778165FCh] 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f jmp 00007FDD2CDF206Dh 0x00000024 pushfd 0x00000025 jmp 00007FDD2CDF2070h 0x0000002a xor ecx, 18C74408h 0x00000030 jmp 00007FDD2CDF206Bh 0x00000035 popfd 0x00000036 popad 0x00000037 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005500B22 second address: 0000000005500B3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDD2CB6A604h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005500B3A second address: 0000000005500B6E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF206Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test eax, eax 0x0000000d jmp 00007FDD2CDF2076h 0x00000012 je 00007FDD9F084E69h 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005500B6E second address: 0000000005500B86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDD2CB6A603h 0x00000009 popad 0x0000000a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005500B86 second address: 0000000005500BB7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF2079h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, eax 0x0000000b pushad 0x0000000c mov ecx, 7CB522B3h 0x00000011 mov edi, ecx 0x00000013 popad 0x00000014 xor eax, dword ptr [ebp+08h] 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005500BB7 second address: 0000000005500BBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005500BBB second address: 0000000005500BD7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF2078h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005500BD7 second address: 0000000005500BFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 0294h 0x00000007 call 00007FDD2CB6A5FDh 0x0000000c pop eax 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 and ecx, 1Fh 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 mov bx, D03Ah 0x0000001a popad 0x0000001b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005500BFA second address: 0000000005500C2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, ax 0x00000006 pushfd 0x00000007 jmp 00007FDD2CDF206Ah 0x0000000c and esi, 6C3AED78h 0x00000012 jmp 00007FDD2CDF206Bh 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b ror eax, cl 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 mov ah, bl 0x00000022 mov eax, 6DDB1243h 0x00000027 popad 0x00000028 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005500C2D second address: 0000000005500C33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 0000000005500C33 second address: 0000000005500C37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0DC3 second address: 00000000054F0E07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FDD2CB6A5FAh 0x00000013 sub esi, 047536D8h 0x00000019 jmp 00007FDD2CB6A5FBh 0x0000001e popfd 0x0000001f mov eax, 76A2B98Fh 0x00000024 popad 0x00000025 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0E07 second address: 00000000054F0E0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0E0D second address: 00000000054F0E11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0E11 second address: 00000000054F0E46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007FDD2CDF2073h 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FDD2CDF2075h 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0E46 second address: 00000000054F0E78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FDD2CB6A607h 0x00000008 push ecx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [ebp+08h] 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FDD2CB6A5FCh 0x00000019 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054F0E78 second address: 00000000054F0E7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0034 second address: 00000000054C0049 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A5FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0049 second address: 00000000054C0050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dh, 04h 0x00000006 popad 0x00000007 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0050 second address: 00000000054C0091 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A603h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FDD2CB6A606h 0x00000010 and esp, FFFFFFF8h 0x00000013 pushad 0x00000014 mov dx, ax 0x00000017 mov di, cx 0x0000001a popad 0x0000001b xchg eax, ecx 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov ecx, ebx 0x00000021 popad 0x00000022 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0091 second address: 00000000054C0096 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0096 second address: 00000000054C00D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007FDD2CB6A5FEh 0x0000000d xchg eax, ecx 0x0000000e jmp 00007FDD2CB6A600h 0x00000013 xchg eax, ebx 0x00000014 jmp 00007FDD2CB6A600h 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C00D5 second address: 00000000054C00DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C00DB second address: 00000000054C00E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C00E1 second address: 00000000054C010E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF2071h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edx 0x00000010 pop ecx 0x00000011 jmp 00007FDD2CDF206Fh 0x00000016 popad 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C010E second address: 00000000054C015B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edx 0x00000005 mov si, di 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebx, dword ptr [ebp+10h] 0x0000000e jmp 00007FDD2CB6A5FDh 0x00000013 xchg eax, esi 0x00000014 pushad 0x00000015 pushad 0x00000016 call 00007FDD2CB6A5FAh 0x0000001b pop ecx 0x0000001c mov bx, F956h 0x00000020 popad 0x00000021 jmp 00007FDD2CB6A607h 0x00000026 popad 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d popad 0x0000002e rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C015B second address: 00000000054C015F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C015F second address: 00000000054C0165 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0165 second address: 00000000054C016B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C016B second address: 00000000054C016F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C016F second address: 00000000054C020C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF206Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d jmp 00007FDD2CDF2074h 0x00000012 jmp 00007FDD2CDF2072h 0x00000017 popad 0x00000018 mov esi, dword ptr [ebp+08h] 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FDD2CDF206Eh 0x00000022 jmp 00007FDD2CDF2075h 0x00000027 popfd 0x00000028 push ecx 0x00000029 pushad 0x0000002a popad 0x0000002b pop edx 0x0000002c popad 0x0000002d xchg eax, edi 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 mov ax, di 0x00000034 pushfd 0x00000035 jmp 00007FDD2CDF2071h 0x0000003a adc ax, 4036h 0x0000003f jmp 00007FDD2CDF2071h 0x00000044 popfd 0x00000045 popad 0x00000046 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C020C second address: 00000000054C029C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A601h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FDD2CB6A607h 0x00000011 and eax, 555A5E1Eh 0x00000017 jmp 00007FDD2CB6A609h 0x0000001c popfd 0x0000001d mov ax, CBE7h 0x00000021 popad 0x00000022 xchg eax, edi 0x00000023 jmp 00007FDD2CB6A5FAh 0x00000028 test esi, esi 0x0000002a jmp 00007FDD2CB6A600h 0x0000002f je 00007FDD9EE3898Eh 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007FDD2CB6A607h 0x0000003c rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C029C second address: 00000000054C02C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 9Ch 0x00000005 mov di, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp dword ptr [esi+08h], DDEEDDEEh 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FDD2CDF2079h 0x00000019 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C02C9 second address: 00000000054C02CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C02CF second address: 00000000054C02D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C02D3 second address: 00000000054C02F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A603h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007FDD9EE38935h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C02F8 second address: 00000000054C0313 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF2077h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0313 second address: 00000000054C0318 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054C0318 second address: 00000000054C0398 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FDD2CDF2075h 0x0000000a add cx, 0B36h 0x0000000f jmp 00007FDD2CDF2071h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov edx, dword ptr [esi+44h] 0x0000001b pushad 0x0000001c pushad 0x0000001d mov dx, si 0x00000020 call 00007FDD2CDF2076h 0x00000025 pop ecx 0x00000026 popad 0x00000027 push eax 0x00000028 push edx 0x00000029 pushfd 0x0000002a jmp 00007FDD2CDF2071h 0x0000002f and ecx, 3FBCDDF6h 0x00000035 jmp 00007FDD2CDF2071h 0x0000003a popfd 0x0000003b rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054D003C second address: 00000000054D0040 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054D0040 second address: 00000000054D0044 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054D0044 second address: 00000000054D004A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054D019F second address: 00000000054D01B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDD2CDF2074h 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054D01B7 second address: 00000000054D0204 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test byte ptr [77816968h], 00000002h 0x0000000f jmp 00007FDD2CB6A607h 0x00000014 jne 00007FDD9EE207CFh 0x0000001a jmp 00007FDD2CB6A606h 0x0000001f mov edx, dword ptr [ebp+0Ch] 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 push edi 0x00000026 pop ecx 0x00000027 push edi 0x00000028 pop ecx 0x00000029 popad 0x0000002a rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054D0204 second address: 00000000054D025E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FDD2CDF2070h 0x00000009 sub si, 9B68h 0x0000000e jmp 00007FDD2CDF206Bh 0x00000013 popfd 0x00000014 jmp 00007FDD2CDF2078h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FDD2CDF2077h 0x00000024 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054D025E second address: 00000000054D0264 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054D0264 second address: 00000000054D0285 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF206Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FDD2CDF206Bh 0x00000015 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054D0285 second address: 00000000054D02A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CB6A609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054D02A2 second address: 00000000054D02F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDD2CDF2071h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushfd 0x00000010 jmp 00007FDD2CDF2079h 0x00000015 add ecx, 66FEF306h 0x0000001b jmp 00007FDD2CDF2071h 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054D02F0 second address: 00000000054D0300 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDD2CB6A5FCh 0x00000009 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054D0300 second address: 00000000054D0304 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRDTSC instruction interceptor: First address: 00000000054D0304 second address: 00000000054D034E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 jmp 00007FDD2CB6A5FCh 0x0000000e mov dword ptr [esp], ebx 0x00000011 jmp 00007FDD2CB6A600h 0x00000016 push dword ptr [ebp+14h] 0x00000019 jmp 00007FDD2CB6A600h 0x0000001e push dword ptr [ebp+10h] 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 mov si, di 0x00000027 mov ebx, 4081667Ch 0x0000002c popad 0x0000002d rdtsc
                  Tries to evade debugger and weak emulator (self modifying code)
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSpecial instruction interceptor: First address: 0000000000C9F8D8 instructions caused by: Self-modifying code
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSpecial instruction interceptor: First address: 000000000022F8D8 instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSpecial instruction interceptor: First address: 000000000097F8D8 instructions caused by: Self-modifying code
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSpecial instruction interceptor: First address: 00000000004EBDD7 instructions caused by: Self-modifying code
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSpecial instruction interceptor: First address: 0000000000698611 instructions caused by: Self-modifying code
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSpecial instruction interceptor: First address: 0000000000696D9E instructions caused by: Self-modifying code
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSpecial instruction interceptor: First address: 00000000006C1D87 instructions caused by: Self-modifying code
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSpecial instruction interceptor: First address: 00000000006A1C54 instructions caused by: Self-modifying code
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeSpecial instruction interceptor: First address: 0000000000721A33 instructions caused by: Self-modifying code
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_05460E39 rdtsc 0_2_05460E39
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeWindow / User API: threadDelayed 9007Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeWindow / User API: threadDelayed 9987
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\NPpBaQ8mvtuVlc8hdwT4.exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\5iIJTbdsN2MJtwDonh3p.exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\amert[2].exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\u1qcfpIk_jMf8TqxGWKO.exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\plaza[1].exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\ladas[1].exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\niks[1].exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\XVBRN46YoSEg_PLvB4Ku.exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\_WH7GEUgP5nY6c3Q4pig.exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\CPgYvz9Aj0UjQFQxMO66.exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\plaza[1].exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\v1VZ6nGHGXr580lMFhVz.exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\ladas[1].exeJump to dropped file
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\niks[1].exeJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe TID: 1104Thread sleep time: -32016s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe TID: 5480Thread sleep time: -36000s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe TID: 6952Thread sleep count: 87 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe TID: 8Thread sleep time: -38019s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe TID: 1280Thread sleep time: -48024s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe TID: 6768Thread sleep time: -46023s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe TID: 7000Thread sleep time: -50025s >= -30000sJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7240Thread sleep count: 95 > 30Jump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7240Thread sleep time: -190095s >= -30000sJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7248Thread sleep count: 99 > 30Jump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7248Thread sleep time: -198099s >= -30000sJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7484Thread sleep time: -36000s >= -30000sJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 6608Thread sleep count: 103 > 30Jump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7252Thread sleep count: 75 > 30Jump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7252Thread sleep time: -150075s >= -30000sJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7256Thread sleep count: 67 > 30Jump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7256Thread sleep time: -134067s >= -30000sJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7232Thread sleep count: 9007 > 30Jump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7232Thread sleep time: -18023007s >= -30000sJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7236Thread sleep count: 105 > 30Jump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7236Thread sleep time: -210105s >= -30000sJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7260Thread sleep count: 77 > 30Jump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7260Thread sleep time: -154077s >= -30000sJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7372Thread sleep time: -46023s >= -30000s
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7344Thread sleep time: -46023s >= -30000s
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7488Thread sleep time: -48000s >= -30000s
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 6484Thread sleep count: 96 > 30
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7352Thread sleep time: -60030s >= -30000s
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7356Thread sleep time: -50025s >= -30000s
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7348Thread sleep time: -48024s >= -30000s
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7360Thread sleep time: -54027s >= -30000s
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7364Thread sleep time: -54027s >= -30000s
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7368Thread sleep time: -50025s >= -30000s
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 7744Thread sleep count: 45 > 30
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe TID: 8060Thread sleep time: -99870s >= -30000s
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeThread sleep count: Count: 9987 delay: -10
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B6C050 FindFirstFileA,FindNextFileA,SetFileAttributesA,RemoveDirectoryA,__Mtx_unlock,0_2_00B6C050
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00C3B4E5 FindFirstFileExW,0_2_00C3B4E5
                  Source: MPGPH131.exe, 0000000C.00000003.1766680161.0000000005D59000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000Vb7L+B+SHnG5QMq3okRvSaT0l1tRSPzgHDLQAAAAAOgAAAAAIAACAAAACojM3uvBrOEJPYaGb5+rHZcbELCtsitd9oQ1phHUOHxjAAAABvBxtM54Cnpuw6BM1asGhwGsddF1p6RJfWmZJQkD5f5qWTj4+PfHZ7Fz7PIXC7ibJAAAAA9V6b2G0t8TUJck10pevtVkhvSlfqU2TqUQErBZlVjsDOrej7joi2xZJzMXjK8Bb2CzK0saYHQMpjtheC1B7knA==
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                  Source: RageMP131.exe, 00000011.00000002.1601590165.00000000013B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`*>
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696492231s
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696492231
                  Source: MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBn+'
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696492231
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.0000000001492000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000002.3766658918.00000000011DF000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000002.2108579496.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000011.00000002.1601590165.00000000013DA000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000011.00000002.1601590165.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.000000000132B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.00000000013A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3779168629.000001E26B342000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000C95000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                  Source: firefox.exe, 00000035.00000002.3786258249.000001E274E97000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1331453275.00000000062A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696492231t
                  Source: MPGPH131.exe, 0000000B.00000003.1325888060.00000000011F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: MPGPH131.exe, 0000000B.00000002.3766658918.00000000011EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: k&Ven_VMware&Prod_Vi
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696492231f
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1331453275.00000000062A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ra Change Transaction PasswordVMware20,11696492231
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1331453275.00000000062A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ebrokers.co.inVMware20,11696492231d
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1342842845.0000000006283000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696492231
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696492231x
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1331453275.00000000062A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: billing_address_id.comVMware20,11696492
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000000F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0D
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696492231o
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1271161250.00000000014A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000000FAE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWQG
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1331453275.00000000062A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .comVMware20,11696492
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                  Source: MPGPH131.exe, 0000000C.00000003.1327309967.0000000000F90000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}JT
                  Source: RageMP131.exe, 0000001C.00000002.1774965643.00000000013A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBnt
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696492231t
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 0000000B.00000002.3752552821.00000000003AE000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 0000000C.00000002.2103693020.00000000003AE000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000011.00000002.1599071618.0000000000AFE000.00000040.00000001.01000000.00000007.sdmp, RageMP131.exe, 0000001C.00000002.1769187242.0000000000AFE000.00000040.00000001.01000000.00000007.sdmp, MSIUpdaterV131.exe, 0000002E.00000002.1769285562.0000000000677000.00000040.00000001.01000000.0000000B.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                  Source: RageMP131.exe, 0000001C.00000002.1774965643.000000000132B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1331453275.00000000062A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s.portal.azure.comVMware20,11696492231
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000001048000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: RageMP131.exe, 0000001C.00000002.1774965643.000000000135E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}3q
                  Source: RageMP131.exe, 0000001C.00000003.1603298429.0000000001362000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: RageMP131.exe, 0000001C.00000003.1603298429.0000000001362000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}'p
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1331453275.00000000062A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nickname.utiitsl.comVMware20,1169649223
                  Source: RageMP131.exe, 00000011.00000002.1601590165.00000000013B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000s\user~1\AppData\Local\Temp{
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1331453275.00000000062A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,1168
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000000F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&rF
                  Source: firefox.exe, 00000035.00000002.3779168629.000001E26B342000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllg
                  Source: firefox.exe, 00000035.00000002.3779168629.000001E26B342000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll4r1
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.0000000001492000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                  Source: RageMP131.exe, 00000011.00000002.1601590165.00000000013BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sik&ven_vmware&prod_vidi&1656f219&0&000000#{07f-11d0-94f2-00a0c91e
                  Source: firefox.exe, 00000033.00000002.1888020329.0000024BF77A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: RageMP131.exe, 00000011.00000003.1421699506.00000000013C4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}Y
                  Source: MPGPH131.exe, 0000000B.00000002.3766658918.00000000011DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&!x
                  Source: MPGPH131.exe, 0000000C.00000002.2108579496.0000000000F8D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}DF
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696492231j
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
                  Source: MPGPH131.exe, 0000000C.00000002.2128548799.00000000064EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1331453275.00000000062A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .utiitsl.comVMware20,1169649223
                  Source: RageMP131.exe, 00000011.00000002.1601590165.0000000001370000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000t
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 0000000B.00000002.3752552821.00000000003AE000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 0000000C.00000002.2103693020.00000000003AE000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000011.00000002.1599071618.0000000000AFE000.00000040.00000001.01000000.00000007.sdmp, RageMP131.exe, 0000001C.00000002.1769187242.0000000000AFE000.00000040.00000001.01000000.00000007.sdmp, MSIUpdaterV131.exe, 0000002E.00000002.1769285562.0000000000677000.00000040.00000001.01000000.0000000B.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                  Source: MPGPH131.exe, 0000000C.00000002.2123234674.0000000005D57000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}lu
                  Source: MPGPH131.exe, 0000000C.00000003.1327309967.0000000000F90000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}PG
                  Source: MPGPH131.exe, 0000000C.00000003.1647416814.0000000005D63000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeSystem information queried: ModuleInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess information queried: ProcessInformationJump to behavior

                  Anti Debugging

                  barindex
                  Hides threads from debuggers
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeThread information set: HideFromDebuggerJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeThread information set: HideFromDebuggerJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeThread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeThread information set: HideFromDebugger
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeThread information set: HideFromDebugger
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeThread information set: HideFromDebugger
                  Potentially malicious time measurement code found
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_05490EBD Start: 05490ECE End: 05490E9C0_2_05490EBD
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_050C0DA1 Start: 050C0E65 End: 050C0DFE11_2_050C0DA1
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_05150808 Start: 0515083C End: 0515081E11_2_05150808
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_051A0EAD Start: 051A0EDF End: 051A0EDB11_2_051A0EAD
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_051A05C0 Start: 051A06B1 End: 051A05DC11_2_051A05C0
                  Tries to detect sandboxes and other dynamic analysis tools (window names)
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeOpen window title or class name: regmonclass
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeOpen window title or class name: gbdyllo
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeOpen window title or class name: procmon_window_class
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeOpen window title or class name: ollydbg
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeOpen window title or class name: filemonclass
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeFile opened: NTICE
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeFile opened: SICE
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeFile opened: SIWVID
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess queried: DebugPortJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess queried: DebugPortJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess queried: DebugPortJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess queried: DebugPortJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess queried: DebugPort
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess queried: DebugPort
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess queried: DebugPort
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeProcess queried: DebugPort
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeProcess queried: DebugPort
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeProcess queried: DebugPort
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeProcess queried: DebugPort
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeProcess queried: DebugPort
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeProcess queried: DebugPort
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeProcess queried: DebugPort
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeProcess queried: DebugPort
                  Source: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exeProcess queried: DebugPort
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_05460E39 rdtsc 0_2_05460E39
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00B74B00 mov eax, dword ptr fs:[00000030h]0_2_00B74B00
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 11_2_00104B00 mov eax, dword ptr fs:[00000030h]11_2_00104B00
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe "C:\Users\user~1\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe" Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeProcess created: unknown unknownJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: unknown unknown
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: unknown unknown
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: unknown unknown
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: unknown unknown
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: unknown unknown
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
                  Source: C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1391748098.00000000066DB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1801094506.0000000006919000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3749900219.0000000000502000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                  Source: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, MPGPH131.exe, 0000000B.00000002.3752552821.00000000003AE000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: @Program Manager
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeCode function: 0_2_00C3CE0B GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,0_2_00C3CE0B
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  barindex
                  Yara detected Amadeys stealer DLL
                  Source: Yara matchFile source: 46.2.MSIUpdaterV131.exe.480000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000002E.00000003.1644044585.0000000004B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000002E.00000002.1768331607.0000000000481000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
                  Yara detected RisePro Stealer
                  Source: Yara matchFile source: Process Memory Space: MPGPH131.exe PID: 4644, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RageMP131.exe PID: 7740, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RageMP131.exe PID: 8560, type: MEMORYSTR
                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\wX6zn8pyLt2gpUsQYjkpSFK.zip, type: DROPPED
                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\KbzYBQQ8rannFYWu8sfJ5n4.zip, type: DROPPED
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\formhistory.sqliteJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\logins.jsonJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\cookies.sqlite
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqliteJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LocalPrefs.json
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_blnieiiffboillknjnepogjhkgnoapac_0.indexeddb.leveldb\CURRENT
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\logins.jsonJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\formhistory.sqliteJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\signons.sqliteJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\places.sqliteJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_cjelfplplebdjjenllpjcblmjkfcffne_0.indexeddb.leveldb\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\signons.sqliteJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENTJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT
                  Tries to steal Mail credentials (via file / registry access)
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile read: C:\Users\user\AppData\Local\Temp\adobey4k6Axf4h0vZ\Cookies\Chrome_Default.txt
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exeFile read: C:\Users\user\AppData\Local\Temp\adobeP2OuO4KF0LZU\Cookies\Chrome_Default.txtJump to behavior
                  Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe PID: 7148, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Yara detected RisePro Stealer
                  Source: Yara matchFile source: Process Memory Space: MPGPH131.exe PID: 4644, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RageMP131.exe PID: 7740, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RageMP131.exe PID: 8560, type: MEMORYSTR
                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\wX6zn8pyLt2gpUsQYjkpSFK.zip, type: DROPPED
                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\KbzYBQQ8rannFYWu8sfJ5n4.zip, type: DROPPED

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire Infrastructure1
                  Drive-by Compromise                  		2
                  Command and Scripting Interpreter                  		1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		1
                  Deobfuscate/Decode Files or Information                  		1
                  OS Credential Dumping                  		1
                  System Time Discovery                  		Remote Services1
                  Archive Collected Data                  		1
                  Ingress Tool Transfer                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts1
                  Scheduled Task/Job                  		1
                  Scheduled Task/Job                  		1
                  Extra Window Memory Injection                  		4
                  Obfuscated Files or Information                  		1
                  Credentials In Files                  		2
                  File and Directory Discovery                  		Remote Desktop Protocol11
                  Data from Local System                  		2
                  Encrypted Channel                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAt121
                  Registry Run Keys / Startup Folder                  		12
                  Process Injection                  		12
                  Software Packing                  		Security Account Manager225
                  System Information Discovery                  		SMB/Windows Admin Shares1
                  Email Collection                  		SteganographyAutomated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                  Scheduled Task/Job                  		1
                  DLL Side-Loading                  		NTDS1
                  Query Registry                  		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script121
                  Registry Run Keys / Startup Folder                  		1
                  Extra Window Memory Injection                  		LSA Secrets741
                  Security Software Discovery                  		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
                  Masquerading                  		Cached Domain Credentials25
                  Virtualization/Sandbox Evasion                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items25
                  Virtualization/Sandbox Evasion                  		DCSync3
                  Process Discovery                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job12
                  Process Injection                  		Proc Filesystem1
                  Application Window Discovery                  		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 signatures2 2 Behavior Graph ID: 1396268 Sample: SecuriteInfo.com.Win32.Troj... Startdate: 21/02/2024 Architecture: WINDOWS Score: 100 111 Antivirus detection for URL or domain 2->111 113 Antivirus detection for dropped file 2->113 115 Multi AV Scanner detection for dropped file 2->115 117 8 other signatures 2->117 8 SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe 2 93 2->8         started        13 MPGPH131.exe 2->13         started        15 MPGPH131.exe 22 2->15         started        17 7 other processes 2->17 process3 dnsIp4 93 185.215.113.46 WHOLESALECONNECTIONSNL Portugal 8->93 95 34.117.186.192 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG United States 8->95 97 193.233.132.62 FREE-NET-ASFREEnetEU Russian Federation 8->97 65 C:\Users\user\...\u1qcfpIk_jMf8TqxGWKO.exe, PE32 8->65 dropped 77 15 other malicious files 8->77 dropped 123 Detected unpacking (changes PE section rights) 8->123 125 Binary is likely a compiled AutoIt script file 8->125 127 Tries to steal Mail credentials (via file / registry access) 8->127 147 4 other signatures 8->147 19 S7SZCszMQx8n9dmoMncg.exe 8->19         started        22 schtasks.exe 1 8->22         started        24 schtasks.exe 1 8->24         started        31 2 other processes 8->31 67 C:\Users\user\...\x5MiuJIGTLsEg19UprNr.exe, PE32 13->67 dropped 69 C:\Users\user\...\v1VZ6nGHGXr580lMFhVz.exe, PE32 13->69 dropped 71 C:\Users\user\...\XVBRN46YoSEg_PLvB4Ku.exe, PE32 13->71 dropped 79 8 other malicious files 13->79 dropped 129 Tries to harvest and steal browser information (history, passwords, etc) 13->129 131 Hides threads from debuggers 13->131 133 Tries to detect sandboxes / dynamic malware analysis system (registry check) 13->133 135 Multi AV Scanner detection for dropped file 15->135 137 Machine Learning detection for dropped file 15->137 139 Tries to evade debugger and weak emulator (self modifying code) 15->139 99 142.250.176.206 GOOGLEUS United States 17->99 101 142.250.65.163 GOOGLEUS United States 17->101 103 19 other IPs or domains 17->103 73 C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+ 17->73 dropped 75 C:\Users\user\...\gmpopenh264.dll (copy), PE32+ 17->75 dropped 81 4 other malicious files 17->81 dropped 141 Antivirus detection for dropped file 17->141 143 Tries to detect sandboxes and other dynamic analysis tools (window names) 17->143 145 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 17->145 26 msedge.exe 17->26         started        29 firefox.exe 17->29         started        file5 signatures6 process7 dnsIp8 119 Multi AV Scanner detection for dropped file 19->119 121 Binary is likely a compiled AutoIt script file 19->121 33 chrome.exe 19->33         started        36 chrome.exe 19->36         started        38 chrome.exe 19->38         started        48 10 other processes 19->48 40 conhost.exe 22->40         started        42 conhost.exe 24->42         started        105 13.107.21.239 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 26->105 107 13.107.246.40 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 26->107 109 29 other IPs or domains 26->109 44 conhost.exe 31->44         started        46 conhost.exe 31->46         started        signatures9 process10 dnsIp11 83 192.168.2.7 unknown unknown 33->83 85 239.255.255.250 unknown Reserved 33->85 50 chrome.exe 33->50         started        53 chrome.exe 36->53         started        55 chrome.exe 38->55         started        57 chrome.exe 48->57         started        59 msedge.exe 48->59         started        61 msedge.exe 48->61         started        63 msedge.exe 48->63         started        process12 dnsIp13 87 13.107.42.14 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 50->87 89 144.2.9.1 LINKEDINUS Netherlands 50->89 91 35 other IPs or domains 50->91

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe55%ReversingLabsWin32.Trojan.Generic
                  SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe100%Joe Sandbox ML

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Local\AdobeUpdaterV131\AdobeUpdaterV131.exe100%AviraTR/Crypt.TPM.Gen
                  C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe100%AviraTR/Crypt.TPM.Gen
                  C:\Users\user\AppData\Local\AdobeUpdaterV131\AdobeUpdaterV131.exe100%Joe Sandbox ML
                  C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe100%Joe Sandbox ML
                  C:\ProgramData\MPGPH131\MPGPH131.exe100%Joe Sandbox ML
                  C:\ProgramData\MPGPH131\MPGPH131.exe55%ReversingLabsWin32.Trojan.Generic
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\fu[1].exe24%ReversingLabsWin32.Trojan.AutoitInject
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\fu[2].exe24%ReversingLabsWin32.Trojan.AutoitInject
                  C:\Users\user\AppData\Local\RageMP131\RageMP131.exe55%ReversingLabsWin32.Trojan.Generic
                  C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe24%ReversingLabsWin32.Trojan.AutoitInject
                  C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\x5MiuJIGTLsEg19UprNr.exe24%ReversingLabsWin32.Trojan.AutoitInject
                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll (copy)0%ReversingLabs
                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll.tmp0%ReversingLabs

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  https://ads.stickyadstv.com/firefox-etp0%URL Reputationsafe
                  http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                  http://exslt.org/common0%URL Reputationsafe
                  http://exslt.org/dates-and-times0%URL Reputationsafe
                  https://pki.goog/repository/00%URL Reputationsafe
                  https://bugzilla.mo0%URL Reputationsafe
                  http://x1.c.lencr.org/00%URL Reputationsafe
                  http://x1.i.lencr.org/00%URL Reputationsafe
                  https://mail.yahoo.co.jp/compose/?To=%s0%URL Reputationsafe
                  https://www.amazon.co.uk/0%URL Reputationsafe
                  http://www.founder.com.cn/cn/bThe0%Avira URL Cloudsafe
                  https://www.youtube.comC:0%Avira URL Cloudsafe
                  https://www.gstatic.cn/recaptcha/0%Avira URL Cloudsafe
                  https://www.youtube.comMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:0%Avira URL Cloudsafe
                  https://www.youtube.comJ80%Avira URL Cloudsafe
                  https://www.youtube.com9C$t0%Avira URL Cloudsafe
                  http://185.215.113.46/ferences.SourceAumid03p100%Avira URL Cloudmalware
                  http://185.215.113.46/cost/fu.exeQD100%Avira URL Cloudmalware
                  http://185.215.113.46/mine/plaza.exeF100%Avira URL Cloudmalware
                  https://www.recaptcha.net/recaptcha/0%Avira URL Cloudsafe
                  http://www.founder.com.cn/cn0%Avira URL Cloudsafe
                  http://crl.pki.goog/gsr1/gsr1.crl0;0%Avira URL Cloudsafe
                  http://185.215.113.46/mine/plaza.exe32100%Avira URL Cloudmalware
                  http://185.215.113.46/mine/plaza.exe100%Avira URL Cloudmalware
                  https://www.tsn.caZ0%Avira URL Cloudsafe
                  http://185.215.113.46/mine/plaza.exe9100%Avira URL Cloudmalware
                  http://www.monotype.0%Avira URL Cloudsafe
                  http://185.215.113.46/mine/plaza.exe0100%Avira URL Cloudmalware
                  https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  No contacted domains info

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ATuJsjwiCDjUjhhfv6T3vjnrMfpapI3p3fTwQSUdkfgd3UvYhSObKGgnS-1NPbY3tJzwhrANNSwgMQ&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1274762887%3A1708529106575098&theme=gliffalse
                    		high
                    https://www.linkedin.com/loginfalse
                      		high

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://www.youtube.com/img/desktop/yt_1200.pngfirefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://detectportal.firefox.com/firefox.exe, 00000035.00000003.3151211279.000001E27A2ED000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://services.addons.mozilla.orgfirefox.exe, 00000032.00000003.2267014054.00000174347F2000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://firefox.settings.services.mozilla.com/v1/firefox.exe, 00000032.00000003.2267676779.00000174347B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2289022638.0000017434277000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://merino.services.mozilla.com/api/v1/suggestfirefox.exe, 00000035.00000002.3774258456.000001E2697D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://json-schema.org/draft/2019-09/schema.firefox.exe, 00000032.00000003.2264876442.0000017434993000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://www.gstatic.cn/recaptcha/firefox.exe, 00000032.00000003.2279429406.0000017439D40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2256432371.0000017439D2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2252324616.000001743A6C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.fontbureau.com/designersfirefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmp, firefox.exe, 00000035.00000003.2337853587.000001E2755DF000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://t.me/riseproRageMP131.exe, 00000011.00000002.1601590165.00000000013EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://spocs.getpocket.com/spocsfirefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://screenshots.firefox.comfirefox.exe, 00000032.00000003.1848116032.0000017424AC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://ads.stickyadstv.com/firefox-etpfirefox.exe, 00000032.00000003.1830642290.00000174280FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2273788735.00000174342DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1830642290.00000174280DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1830642290.00000174280D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://ipinfo.io/widget/demo/191.96.227.222PsR=RageMP131.exe, 0000001C.00000002.1774965643.000000000135E000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://xhr.spec.whatwg.org/#sync-warningfirefox.exe, 00000032.00000003.1764719406.000001742B0C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1814914085.000001742B0A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1789346532.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1795778069.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000003.1761756857.000001E27A2AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3845500765.000001E27A2A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://www.amazon.com/exec/obidos/external-search/firefox.exe, 00000032.00000003.1593181260.000001742561F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1592714878.0000017427000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1593688157.000001742565A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1594026480.0000017425677000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1593417006.000001742563C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://185.215.113.46/mine/plaza.exe32SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.00000000062BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                https://profiler.firefox.com/firefox.exe, 00000032.00000003.1849372556.0000017424A62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://detectportal.firefox.com/canonical.htmlACTIVITY_SUBTYPE_REQUEST_BODY_SENTforgetClosedWindowByfirefox.exe, 00000035.00000002.3791279303.000001E275378000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://www.galapagosdesign.com/DPleasefirefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://github.com/mozilla-services/screenshotsfirefox.exe, 00000032.00000003.1593181260.000001742561F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1592714878.0000017427000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1593688157.000001742565A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1594026480.0000017425677000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1593417006.000001742563C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://t.me/RiseProSUPPORTAMPGPH131.exe, 0000000B.00000002.3766658918.00000000011AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureRequestfirefox.exe, 00000035.00000002.3802298096.000001E276650000.00000002.08000000.00040000.00000000.sdmpfalse
                                                          		high
                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-deffirefox.exe, 00000032.00000003.1993303322.000001742F967000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLKfirefox.exe, 00000032.00000003.2191545548.000001743A09B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingfirefox.exe, 00000032.00000003.1764719406.000001742B0C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1814914085.000001742B0A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.youtube.comJ8S7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3762061512.0000000000CBD000.00000004.00000020.00020000.00000000.sdmp, S7SZCszMQx8n9dmoMncg.exe, 00000013.00000003.1720668588.0000000000CBD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://accounts.google.com/mS7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://m.youtube.com/firefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://exslt.org/commonfirefox.exe, 00000035.00000002.3783173868.000001E274D8E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsThefirefox.exe, 00000035.00000002.3802298096.000001E276650000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                      		high
                                                                      https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullScfirefox.exe, 00000032.00000003.1789346532.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1795778069.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000003.1761756857.000001E27A2AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3845500765.000001E27A2A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://185.215.113.46/ferences.SourceAumid03pSecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.00000000062BB000.00000004.00000020.00020000.00000000.sdmptrue
                                                                        • Avira URL Cloud: malware
                                                                        		unknown
                                                                        https://sites.google.com/view/sources-nuclear-winterfirefox.exe, 00000032.00000003.2186760413.000001743A123000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://exslt.org/dates-and-timesfirefox.exe, 00000032.00000003.1859888127.0000017422C5B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://win.mail.ru/cgi-bin/sentmsg?mailto=%sfirefox.exe, 00000032.00000003.1838652851.000001742327D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1750927961.000001742327D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://pki.goog/repository/0firefox.exe, 00000032.00000003.2196571926.000001743A075000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2187650445.000001743A075000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2196571926.000001743A073000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2187650445.000001743A071000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2212699060.0000017438E9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2191545548.000001743A071000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://www.ecosia.org/newtab/SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1324930275.00000000062BB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1317346712.000000000626D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000003.1320066554.00000000062A2000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1414490747.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1360612236.0000000006042000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000003.1399235285.0000000006077000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1412211859.0000000005D80000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1402479545.0000000005D58000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1424928165.0000000005D80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://www.youtube.com9C$tfirefox.exe, 00000032.00000003.2267014054.00000174347F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		low
                                                                              https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://bugzilla.mofirefox.exe, 00000032.00000003.2214596571.0000017438DC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://www.youtube.com/s/desktop/87423d78/img/favicon_144x144.pngfirefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881validatefirefox.exe, 00000035.00000002.3791279303.000001E275303000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://ipinfo.io/RageMP131.exe, 00000011.00000002.1601590165.000000000137E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000011.00000002.1601590165.00000000013E7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000011.00000002.1601590165.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.000000000132B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.00000000013A0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.0000000001380000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://mitmdetection.services.mozilla.com/firefox.exe, 00000032.00000003.2264382163.00000174349CA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 00000032.00000003.1830642290.00000174280FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2273788735.00000174342DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2139801775.000001743806E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://firefox-settings-attachments.cdn.mozilla.net/firefox.exe, 00000032.00000003.2289022638.0000017434277000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://i.ytimg.com/vi/LFnj8xKcrOQ/oar2.jpg?sqp=-oaymwEdCJUDENAFSFWQAgHyq4qpAwwIARUAAIhCcAHAAQY=firefox.exe, 00000032.00000003.2186760413.000001743A14D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://ipinfo.io:443/widget/demo/191.96.227.222MPGPH131.exe, 0000000B.00000002.3766658918.0000000001209000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000002.2108579496.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.000000000132B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://spocs.getpocket.com/firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://www.youtube.comMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:firefox.exe, 00000033.00000002.1888020329.0000024BF77A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		low
                                                                                                  http://crl.pki.goog/gsr1/gsr1.crl0;firefox.exe, 00000032.00000003.2187650445.000001743A068000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2191545548.000001743A068000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2212339323.0000017438EE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2257114144.0000017438EE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  http://www.founder.com.cn/cn/bThefirefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://i.ytimg.com/vi/v5vbPTRoc4U/oar2.jpg?sqp=-oaymwEdCJUDENAFSFWQAgHyq4qpAwwIARUAAIhCcAHAAQY=firefox.exe, 00000032.00000003.2186760413.000001743A14D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-firefox.exe, 00000032.00000003.2273905301.00000174342BB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://t.me/risepro_botERageMP131.exe, 00000011.00000002.1601590165.00000000013EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://www.tsn.caZfirefox.exe, 00000032.00000003.1841801010.00001EEDE3B03000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        https://www.youtube.comC:firefox.exe, 0000002A.00000002.1529534068.0000012EDE730000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000002.1786480024.0000024BF5C50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        https://www.youtube.com/error_204?t=jserror&level=ERRORfirefox.exe, 00000032.00000003.2258943783.00000174350DA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryptiondocument.requestStofirefox.exe, 00000035.00000002.3802298096.000001E276650000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839firefox.exe, 00000032.00000003.1993303322.000001742F967000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://x1.c.lencr.org/0firefox.exe, 00000032.00000003.2270231029.00000174344E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2267676779.00000174347B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://x1.i.lencr.org/0firefox.exe, 00000032.00000003.2270231029.00000174344E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1846703633.0000017425C97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2267676779.00000174347B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnoredfirefox.exe, 00000032.00000003.1789346532.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1795778069.0000017428FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000035.00000002.3786258249.000001E274E97000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://ipinfo.io/widget/demo/191.96.227.222RageMP131.exe, 00000011.00000002.1601590165.00000000013B1000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.000000000135E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://duckduckgo.com/?t=ffab&q=firefox.exe, 00000032.00000003.2270231029.00000174344E6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://ipinfo.io/widget/demo/191.96.227.2224qRageMP131.exe, 0000001C.00000002.1774965643.0000000001380000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://185.215.113.46/mine/plaza.exeSecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1869264355.00000000062BB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000002.2128548799.000000000651C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000002.2108579496.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1663748359.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1638528608.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1674302945.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 0000000C.00000003.1644631400.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000011.00000002.1601590165.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001C.00000002.1774965643.00000000013A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: malware
                                                                                                                      		unknown
                                                                                                                      http://185.215.113.46/cost/fu.exeQDMPGPH131.exe, 0000000C.00000002.2127088659.000000000638F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: malware
                                                                                                                      		unknown
                                                                                                                      https://identity.mozilla.com/apps/relayfirefox.exe, 00000032.00000003.2174843720.0000017438EEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2212339323.0000017438EEC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://rr1---sn-p5qlsn7l.googlevideo.com/initplayback?source=youtubefirefox.exe, 00000032.00000003.2186760413.000001743A14D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://mail.yahoo.co.jp/compose/?To=%sfirefox.exe, 00000032.00000003.1838652851.000001742327D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1883917437.00000174243DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1875549382.00000174243DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1848913495.0000017424A9C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2290220869.000001743ABD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1750927961.000001742327D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1704192733.00000174243DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1862494564.00000174243E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1682388555.00000174243DE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          https://www.recaptcha.net/recaptcha/firefox.exe, 00000032.00000003.2279429406.0000017439D40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2256432371.0000017439D2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2252324616.000001743A6C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		unknown
                                                                                                                          https://www.amazon.co.uk/firefox.exe, 00000032.00000003.2206071536.0000017439E35000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          https://screenshots.firefox.com/firefox.exe, 00000032.00000003.1593417006.000001742563C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://truecolors.firefox.com/firefox.exe, 00000032.00000003.2263489873.00000174349E7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changesfirefox.exe, 00000032.00000003.2289022638.0000017434277000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.firefox.exe, 00000032.00000003.1857910160.0000017422CB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1846703633.0000017425C91000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://185.215.113.46/mine/plaza.exeFSecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe, 00000000.00000002.1851517985.00000000014BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                  		unknown
                                                                                                                                  http://json-schema.org/draft-07/schema#-firefox.exe, 00000032.00000003.2264876442.0000017434993000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://t.me/risepro_botfo.orgMPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingTryingfirefox.exe, 00000035.00000002.3802298096.000001E276650000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://support.mozilla.org/firefox.exe, 00000032.00000003.2266094784.000001743496B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://www.youtube.com/ls.kS7SZCszMQx8n9dmoMncg.exe, 00000013.00000002.3760413311.0000000000C79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://xhr.spec.whatwg.org/#sync-warningThefirefox.exe, 00000035.00000002.3802298096.000001E276650000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://t.me/risepro_botRageMP131.exe, 0000001C.00000002.1774965643.00000000013A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://www.founder.com.cn/cnfirefox.exe, 00000035.00000002.3802532478.000001E276670000.00000002.00000001.00040000.00000012.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                		unknown
                                                                                                                                                https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4firefox.exe, 00000035.00000002.3845500765.000001E27A2A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://github.com/Kinto/kinto-attachment/firefox.exe, 00000032.00000003.2289022638.0000017434277000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2firefox.exe, 00000035.00000002.3845500765.000001E27A2A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://185.215.113.46/mine/plaza.exe9MPGPH131.exe, 0000000B.00000002.3766658918.0000000001216000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                      		unknown
                                                                                                                                                      http://www.monotype.firefox.exe, 00000035.00000003.2341934345.000001E2755DD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000035.00000003.2344140316.000001E2755E1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000035.00000003.2342841693.000001E2755DE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      		unknown
                                                                                                                                                      https://www.youtube.com/s/desktop/87423d78/jsbin/scheduler.vflset/scheduler.jsfirefox.exe, 00000032.00000003.2186694794.000001743A178000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://185.215.113.46/mine/plaza.exe0MPGPH131.exe, 0000000C.00000002.2128548799.000000000651C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: malware
                                                                                                                                                        		unknown
                                                                                                                                                        https://monitor.firefox.com/firefox.exe, 00000032.00000003.2264382163.00000174349CA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://t.me/risepro_botrRageMP131.exe, 00000011.00000002.1601590165.00000000013EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&ctafirefox.exe, 00000032.00000003.1857910160.0000017422CB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1846703633.0000017425C91000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            		unknown
                                                                                                                                                            https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0firefox.exe, 00000032.00000003.1857910160.0000017422CB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.1846703633.0000017425C91000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              http://json-schema.org/draft-06/schema#firefox.exe, 00000032.00000003.2264876442.0000017434993000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high

                                                                                                                                                                World Map of Contacted IPs

                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                                Public IPs

                                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                13.107.6.158
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                204.79.197.200
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                13.107.246.40
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                142.250.80.110
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.250.65.163
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.250.65.161
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                173.194.57.104
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                185.215.113.46
                                                                                                                                                                		unknownPortugal
                                                                                                                                                                		206894WHOLESALECONNECTIONSNLfalse
                                                                                                                                                                172.253.63.84
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.251.40.202
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.250.64.110
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                157.240.241.35
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		32934FACEBOOKUSfalse
                                                                                                                                                                172.253.122.84
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                34.117.237.239
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                142.250.80.67
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.250.81.246
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.250.65.238
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                23.40.179.37
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		16625AKAMAI-ASUSfalse
                                                                                                                                                                40.71.99.188
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                142.251.40.130
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.251.40.174
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                157.240.241.1
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		32934FACEBOOKUSfalse
                                                                                                                                                                204.79.197.239
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                13.225.63.40
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		16509AMAZON-02USfalse
                                                                                                                                                                34.120.208.123
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.250.65.234
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.250.80.35
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.250.65.170
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                23.199.65.193
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		16625AKAMAI-ASUSfalse
                                                                                                                                                                1.1.1.1
                                                                                                                                                                		unknownAustralia
                                                                                                                                                                		13335CLOUDFLARENETUSfalse
                                                                                                                                                                142.250.72.106
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                172.217.165.138
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                34.117.121.53
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                142.250.80.100
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                13.107.21.239
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                52.24.144.241
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		16509AMAZON-02USfalse
                                                                                                                                                                172.253.62.84
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                144.2.9.1
                                                                                                                                                                		unknownNetherlands
                                                                                                                                                                		14413LINKEDINUSfalse
                                                                                                                                                                13.107.42.16
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                13.107.42.14
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                142.250.80.78
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                152.199.24.163
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15133EDGECASTUSfalse
                                                                                                                                                                142.251.40.142
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.251.167.84
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                239.255.255.250
                                                                                                                                                                		unknownReserved
                                                                                                                                                                		unknownunknownfalse
                                                                                                                                                                31.13.71.7
                                                                                                                                                                		unknownIreland
                                                                                                                                                                		32934FACEBOOKUSfalse
                                                                                                                                                                142.251.40.182
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.251.41.6
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                34.160.144.191
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                142.250.72.110
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.251.41.3
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                44.240.103.52
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		16509AMAZON-02USfalse
                                                                                                                                                                74.125.1.166
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                172.253.115.84
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                34.117.186.192
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                142.251.35.161
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                74.125.8.74
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                23.96.180.189
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                142.250.176.202
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                31.13.71.36
                                                                                                                                                                		unknownIreland
                                                                                                                                                                		32934FACEBOOKUSfalse
                                                                                                                                                                152.195.19.97
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15133EDGECASTUSfalse
                                                                                                                                                                142.251.40.228
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.250.176.206
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                23.200.3.19
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                142.251.40.226
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.250.64.78
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.251.40.110
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                34.117.188.166
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                142.251.41.14
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.251.32.106
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                74.125.109.169
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.251.40.196
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                13.226.34.9
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		16509AMAZON-02USfalse
                                                                                                                                                                172.64.41.3
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		13335CLOUDFLARENETUSfalse
                                                                                                                                                                142.250.65.195
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.251.40.238
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                34.149.100.209
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                142.251.40.118
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                34.107.243.93
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                193.233.132.62
                                                                                                                                                                		unknownRussian Federation
                                                                                                                                                                		2895FREE-NET-ASFREEnetEUfalse
                                                                                                                                                                34.107.221.82
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                152.199.5.152
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15133EDGECASTUSfalse
                                                                                                                                                                35.244.181.201
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.250.65.227
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                104.117.182.74
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                13.226.34.86
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		16509AMAZON-02USfalse
                                                                                                                                                                142.251.40.163
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.250.80.118
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.250.176.195
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.250.65.226
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                142.250.31.84
                                                                                                                                                                		unknownUnited States
                                                                                                                                                                		15169GOOGLEUSfalse

                                                                                                                                                                Private

                                                                                                                                                                IP
                                                                                                                                                                192.168.2.7
                                                                                                                                                                192.168.2.30
                                                                                                                                                                127.0.0.1

                                                                                                                                                                General Information

                                                                                                                                                                Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                                Analysis ID:1396268
                                                                                                                                                                Start date and time:2024-02-21 16:23:11 +01:00
                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                Overall analysis duration:0h 13m 57s
                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                Report type:full
                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                Number of analysed new started processes analysed:55
                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                Technologies:
                                                                                                                                                                • HCA enabled
                                                                                                                                                                • EGA enabled
                                                                                                                                                                • AMSI enabled
                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                Sample name:SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                Detection:MAL
                                                                                                                                                                Classification:mal100.troj.spyw.evad.winEXE@181/923@0/94
                                                                                                                                                                EGA Information:
                                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                                HCA Information:
                                                                                                                                                                • Successful, ratio: 55%
                                                                                                                                                                • Number of executed functions: 136
                                                                                                                                                                • Number of non-executed functions: 0
                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                                                                                Warnings

                                                                                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                • Skipping network analysis since amount of network traffic is too extensive
                                                                                                                                                                • VT rate limit hit for: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe

                                                                                                                                                                Simulations

                                                                                                                                                                Behavior and APIs

                                                                                                                                                                TimeTypeDescription
                                                                                                                                                                16:24:07Task SchedulerRun new task: MPGPH131 HR path: C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                16:24:07Task SchedulerRun new task: MPGPH131 LG path: C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                16:24:08AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                16:24:16AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                17:38:35Task SchedulerRun new task: MSIUpdaterV131 HR path: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe
                                                                                                                                                                17:38:38AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV131 C:\Users\user\AppData\Local\AdobeUpdaterV131\AdobeUpdaterV131.exe
                                                                                                                                                                17:38:43Task SchedulerRun new task: MSIUpdaterV131 LG path: C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe
                                                                                                                                                                17:38:44API Interceptor226x Sleep call for process: SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe modified
                                                                                                                                                                17:38:47AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV131 C:\Users\user\AppData\Local\AdobeUpdaterV131\AdobeUpdaterV131.exe
                                                                                                                                                                17:38:51Task SchedulerRun new task: explorgu path: C:\Users\user~1\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                                                                                                17:38:56AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS131.lnk
                                                                                                                                                                17:39:03API Interceptor1996171x Sleep call for process: MPGPH131.exe modified
                                                                                                                                                                17:39:44API Interceptor2x Sleep call for process: firefox.exe modified

                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                IPs

                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                13.107.6.158lmiXXjKzpz.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                  I2jCDr35mu.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                    file.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                      SecuriteInfo.com.Win32.TrojanX-gen.137.30573.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                        SecuriteInfo.com.Win32.TrojanX-gen.17920.19764.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                          SecuriteInfo.com.Win32.TrojanX-gen.19912.30037.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                            SecuriteInfo.com.Win32.TrojanX-gen.21247.5426.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                              zVoxvQ1aiC.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                S8asBCa2u0.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                  33MkDnu015.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                    204.79.197.200kr.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • /
                                                                                                                                                                                    13.107.246.40https://pub-02d1c4e71f894095a5ea717d66167b0b.r2.dev/link.html#ZXdhLnBydXNAZXJnb2hlc3RpYS5wbA==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                      SecuriteInfo.com.Win32.TrojanX-gen.10044.64.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                        https://assets-usa.mkt.dynamics.com/3898f941-49bf-ee11-9075-6045bd003038/digitalassets/standaloneforms/6eda089b-bcc9-ee11-9078-000d3a37cb9aGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          DATA_BASE.xlam.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            EXCELeINFO.xlam.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              lmiXXjKzpz.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                https://r20.rs6.net/tn.jsp?f=001g09zvzgV-b9sCmJ4fh0ApH0DXHXi7PHBEX-0BE0AP9T33t-_Sm0tjNVdl439yYif-qUu1TPSXSzzGyN8FjeDx2jViczYTlkUlFT_BJbqy88LBnBYVcK3WbSWopaKGdTJZnZWYo17fyEc4NZmv4zXPOmW6F15LfYEGjU7YzVM3BI=&c=lNktq0gnS5APLAf8rpADkDCooNv7u8Dei7AHavOK8jVejezcbeHMzQ==&ch=mwtGlYM-h_3yU1wCsXDjqX_gspj-zdR_gfzUoULkMiVppwx-FtAAwA==&__=/asdf//image/dell.com038883hhshshshshshdhfhfhdhdhhme/dhdhhdhdhhsggdgdhshhshdgdgdghshhhd/ZXN0b2ZyZWdlbkByc20ubmw=Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                  https://r20.rs6.net/tn.jsp?f=001oGgRDRpYTL_MhZ2uPbEbYgwa61fynVNJSzPoK1RqmI5tSEv6XNo-DCqZStkzNrM-lCy4oewtSka3oDgIWTQPCPkhzulDiX9qSKh78njVvhA30mcsVdrj7_Qeec9Zl_-k-wwW1i-zU0ax_tgNq5WehPdwl2SfsKys&c=3wwDmntQ42xwtDpU4cunV2kE4q6_yfbIE7iPzgMVpf3VsTnMW8IRCA==&ch=&__=/bFYuswmvebbmydyoxoQkVKynIRTColavsVRiFAvDmZCuEzmCAK/anVkaXRoLndpc2tpZUBldXIubmw=Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                    I2jCDr35mu.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                      Remittance_Summary#U00ae_INV0055BACS_.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        185.215.113.46SecuriteInfo.com.Win32.TrojanX-gen.26275.30792.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46/cost/ladas.exe
                                                                                                                                                                                                        SecuriteInfo.com.Win32.TrojanX-gen.26263.12275.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46/cost/fu.exe
                                                                                                                                                                                                        SecuriteInfo.com.Win32.TrojanX-gen.20833.6180.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46/cost/ladas.exe
                                                                                                                                                                                                        fB3vD2jWQm.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46/cost/niks.exe
                                                                                                                                                                                                        file.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46/cost/ladas.exe
                                                                                                                                                                                                        5ws86kuyyj.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46/cost/well.exe
                                                                                                                                                                                                        SecuriteInfo.com.Trojan.Siggen26.6766.4021.25295.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46/cost/well.exe
                                                                                                                                                                                                        SecuriteInfo.com.Trojan.Siggen26.6766.21437.6924.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46/cost/well.exe
                                                                                                                                                                                                        file.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46/cost/well.exe
                                                                                                                                                                                                        1cfxwHmB63.exeGet hashmaliciousAmadey, LummaC Stealer, RedLine, RisePro Stealer, XmrigBrowse
                                                                                                                                                                                                        • 185.215.113.46/cost/fu.exe

                                                                                                                                                                                                        Domains

                                                                                                                                                                                                        No context

                                                                                                                                                                                                        ASNs

                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                        GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfile.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                                        • 34.117.186.192
                                                                                                                                                                                                        file.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                                        • 34.117.186.192
                                                                                                                                                                                                        file.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                                        • 34.117.186.192
                                                                                                                                                                                                        SecuriteInfo.com.Win32.TrojanX-gen.10044.64.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                        https://nethunt.co/api/v1/track/link/click/6128be9d9a7b02bc0f63224d/emails.615aa7fa44d278ae1a885422?link=https://Aafintl.martinez-ruiz.com/%23amhlY2tAYWFmaW50bC5jb20=&c=E,1,Cji-4Tbk_oFxMwR-xSPvJMfrjo3tP5zDP94POJOJ8cm4E7I_MzPNIXEtRsMi14Z4ETjvNo5v_BFBrK2axGp1odhzsYob9-IZS5l0u5wn&typo=1Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                        • 34.117.42.160
                                                                                                                                                                                                        file.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                                        • 34.117.186.192
                                                                                                                                                                                                        http://abrow.xyzGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 34.117.239.71
                                                                                                                                                                                                        lmiXXjKzpz.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                        I2jCDr35mu.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                        file.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                        MICROSOFT-CORP-MSN-AS-BLOCKUShttps://pub-02d1c4e71f894095a5ea717d66167b0b.r2.dev/link.html#ZXdhLnBydXNAZXJnb2hlc3RpYS5wbA==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                        • 13.107.213.40
                                                                                                                                                                                                        SecuriteInfo.com.Win32.TrojanX-gen.10044.64.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 13.107.21.200
                                                                                                                                                                                                        https://pocloudcentral.crm.powerobjects.net/PowerEmailWebsite//GetUrl2013.aspx?t=TEka9Gzp+UWz6rVgaDAhSUMAUgBNAA==&eId=03e02621-4ddf-eb11-8150-00155d010e03&pval=//wongterm%E3%80%82com/#5Wu5c2hlbGx5LnRob21zb25AYWVzby5jYQ==??kypxg44fhlrkaixdobr=c2hlbGx5LnRob21zb25AYWVzby5jYQ==/%2e%2e=fQgDsn&u=276b8dda4ef94158348d5b6b8&id=6b7205781dGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                                                        • 23.99.128.52
                                                                                                                                                                                                        https://pocloudcentral.crm.powerobjects.net/PowerEmailWebsite//GetUrl2013.aspx?t=TEka9Gzp%20UWz6rVgaDAhSUMAUgBNAA==&eId=03e02621-4ddf-eb11-8150-00155d010e03&pval=//wongterm%E3%80%82com/#pU1pS3Jpc3Rpbi5Eb2xhbkBhbWNuZXR3b3Jrcy5jb20=??kypxg44fhlrkaixdobr=S3Jpc3Rpbi5Eb2xhbkBhbWNuZXR3b3Jrcy5jb20=/..=8tU0Rt&u=276b8dda4ef94158348d5b6b8&id=6b7205781dGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                        • 23.99.128.52
                                                                                                                                                                                                        https://stackauth-bainlk.cz/save/sharefile/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 204.79.197.203
                                                                                                                                                                                                        https://assets-usa.mkt.dynamics.com/3898f941-49bf-ee11-9075-6045bd003038/digitalassets/standaloneforms/6eda089b-bcc9-ee11-9078-000d3a37cb9aGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 52.146.76.30
                                                                                                                                                                                                        http://abrow.xyzGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 40.76.134.238
                                                                                                                                                                                                        DATA_BASE.xlam.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 13.107.246.40
                                                                                                                                                                                                        https://saloncort.uk/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                        • 40.126.24.81
                                                                                                                                                                                                        EXCELeINFO.xlam.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 13.107.246.40
                                                                                                                                                                                                        MICROSOFT-CORP-MSN-AS-BLOCKUShttps://pub-02d1c4e71f894095a5ea717d66167b0b.r2.dev/link.html#ZXdhLnBydXNAZXJnb2hlc3RpYS5wbA==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                        • 13.107.213.40
                                                                                                                                                                                                        SecuriteInfo.com.Win32.TrojanX-gen.10044.64.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 13.107.21.200
                                                                                                                                                                                                        https://pocloudcentral.crm.powerobjects.net/PowerEmailWebsite//GetUrl2013.aspx?t=TEka9Gzp+UWz6rVgaDAhSUMAUgBNAA==&eId=03e02621-4ddf-eb11-8150-00155d010e03&pval=//wongterm%E3%80%82com/#5Wu5c2hlbGx5LnRob21zb25AYWVzby5jYQ==??kypxg44fhlrkaixdobr=c2hlbGx5LnRob21zb25AYWVzby5jYQ==/%2e%2e=fQgDsn&u=276b8dda4ef94158348d5b6b8&id=6b7205781dGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                                                        • 23.99.128.52
                                                                                                                                                                                                        https://pocloudcentral.crm.powerobjects.net/PowerEmailWebsite//GetUrl2013.aspx?t=TEka9Gzp%20UWz6rVgaDAhSUMAUgBNAA==&eId=03e02621-4ddf-eb11-8150-00155d010e03&pval=//wongterm%E3%80%82com/#pU1pS3Jpc3Rpbi5Eb2xhbkBhbWNuZXR3b3Jrcy5jb20=??kypxg44fhlrkaixdobr=S3Jpc3Rpbi5Eb2xhbkBhbWNuZXR3b3Jrcy5jb20=/..=8tU0Rt&u=276b8dda4ef94158348d5b6b8&id=6b7205781dGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                        • 23.99.128.52
                                                                                                                                                                                                        https://stackauth-bainlk.cz/save/sharefile/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 204.79.197.203
                                                                                                                                                                                                        https://assets-usa.mkt.dynamics.com/3898f941-49bf-ee11-9075-6045bd003038/digitalassets/standaloneforms/6eda089b-bcc9-ee11-9078-000d3a37cb9aGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 52.146.76.30
                                                                                                                                                                                                        http://abrow.xyzGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 40.76.134.238
                                                                                                                                                                                                        DATA_BASE.xlam.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 13.107.246.40
                                                                                                                                                                                                        https://saloncort.uk/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                        • 40.126.24.81
                                                                                                                                                                                                        EXCELeINFO.xlam.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 13.107.246.40
                                                                                                                                                                                                        WHOLESALECONNECTIONSNLSecuriteInfo.com.Win32.TrojanX-gen.10044.64.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46
                                                                                                                                                                                                        lmiXXjKzpz.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46
                                                                                                                                                                                                        I2jCDr35mu.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46
                                                                                                                                                                                                        file.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46
                                                                                                                                                                                                        SecuriteInfo.com.Win32.TrojanX-gen.137.30573.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46
                                                                                                                                                                                                        SecuriteInfo.com.Win32.TrojanX-gen.17920.19764.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46
                                                                                                                                                                                                        SecuriteInfo.com.Win32.TrojanX-gen.19912.30037.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46
                                                                                                                                                                                                        SecuriteInfo.com.Win32.TrojanX-gen.21247.5426.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46
                                                                                                                                                                                                        zVoxvQ1aiC.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46
                                                                                                                                                                                                        S8asBCa2u0.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 185.215.113.46
                                                                                                                                                                                                        MICROSOFT-CORP-MSN-AS-BLOCKUShttps://pub-02d1c4e71f894095a5ea717d66167b0b.r2.dev/link.html#ZXdhLnBydXNAZXJnb2hlc3RpYS5wbA==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                        • 13.107.213.40
                                                                                                                                                                                                        SecuriteInfo.com.Win32.TrojanX-gen.10044.64.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                        • 13.107.21.200
                                                                                                                                                                                                        https://pocloudcentral.crm.powerobjects.net/PowerEmailWebsite//GetUrl2013.aspx?t=TEka9Gzp+UWz6rVgaDAhSUMAUgBNAA==&eId=03e02621-4ddf-eb11-8150-00155d010e03&pval=//wongterm%E3%80%82com/#5Wu5c2hlbGx5LnRob21zb25AYWVzby5jYQ==??kypxg44fhlrkaixdobr=c2hlbGx5LnRob21zb25AYWVzby5jYQ==/%2e%2e=fQgDsn&u=276b8dda4ef94158348d5b6b8&id=6b7205781dGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                                                        • 23.99.128.52
                                                                                                                                                                                                        https://pocloudcentral.crm.powerobjects.net/PowerEmailWebsite//GetUrl2013.aspx?t=TEka9Gzp%20UWz6rVgaDAhSUMAUgBNAA==&eId=03e02621-4ddf-eb11-8150-00155d010e03&pval=//wongterm%E3%80%82com/#pU1pS3Jpc3Rpbi5Eb2xhbkBhbWNuZXR3b3Jrcy5jb20=??kypxg44fhlrkaixdobr=S3Jpc3Rpbi5Eb2xhbkBhbWNuZXR3b3Jrcy5jb20=/..=8tU0Rt&u=276b8dda4ef94158348d5b6b8&id=6b7205781dGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                        • 23.99.128.52
                                                                                                                                                                                                        https://stackauth-bainlk.cz/save/sharefile/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 204.79.197.203
                                                                                                                                                                                                        https://assets-usa.mkt.dynamics.com/3898f941-49bf-ee11-9075-6045bd003038/digitalassets/standaloneforms/6eda089b-bcc9-ee11-9078-000d3a37cb9aGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 52.146.76.30
                                                                                                                                                                                                        http://abrow.xyzGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 40.76.134.238
                                                                                                                                                                                                        DATA_BASE.xlam.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 13.107.246.40
                                                                                                                                                                                                        https://saloncort.uk/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                        • 40.126.24.81
                                                                                                                                                                                                        EXCELeINFO.xlam.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 13.107.246.40

                                                                                                                                                                                                        JA3 Fingerprints

                                                                                                                                                                                                        No context

                                                                                                                                                                                                        Dropped Files

                                                                                                                                                                                                        No context

                                                                                                                                                                                                        Created / dropped Files

                                                                                                                                                                                                        C:\ProgramData\MPGPH131\MPGPH131.exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2300928
                                                                                                                                                                                                        Entropy (8bit):7.960876666522179
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:60MC0ftOfWFWf7oqN1JzRRnt9iokxHbvJzyD6CdRhx2Z:6050ftOfWI539Xtkokx7dEjdjxE
                                                                                                                                                                                                        MD5:412B746E17540448A98A952B5EB29744
                                                                                                                                                                                                        SHA1:684A4276F34154FE2773F1AFB095AD26A19E1823
                                                                                                                                                                                                        SHA-256:9F121F9E36A53EB08FF86C94CF9678245D0C1D56670118D44351BEA52E74AEC7
                                                                                                                                                                                                        SHA-512:D4469252AF0EB46AACD86BB90B1D15ACCCD48A07EB8F57A397F1EF3A9E35B7A642AAB8588945B85A47FDAC26DF488DBB6D81721049F09FEFFD6CAEF4E2B5B08C
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..................PE..L...N@.e...............".....L........X...........@...........................Y......N#...@.................................T...h....p..h1.......................................................................................................... . .`..........................@....rsrc...h1...p......................@....idata ............................@... .0+.........................@...jqngduam......>.....................@...kbulycau......X.......".............@....taggant.0....X.."....".............@...........................................................................................................................................................................................

                                                                                                                                                                                                        C:\ProgramData\MPGPH131\MPGPH131.exe:Zone.Identifier

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):26
                                                                                                                                                                                                        Entropy (8bit):3.95006375643621
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                                                                                        C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1902080
                                                                                                                                                                                                        Entropy (8bit):7.950529300938905
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:6tKUuIjJaao7Fi0FB65JaMPy4RzA0ine8PXhsEh9jwE+:6tWRYr5JaMVzAG8PXh3h6D
                                                                                                                                                                                                        MD5:07D7F9FCE107448C2D383A87DE39AFB2
                                                                                                                                                                                                        SHA1:D9C377345BEDF6B6F26C165A454138DE19A206EB
                                                                                                                                                                                                        SHA-256:27E53850B7B9483834898B605F6DCF4B0C1B71BD1671864A5BC408929C7AB548
                                                                                                                                                                                                        SHA-512:8EA1C6F4CD0DDE7A7A22E686E94D9EFDCD6BA405936CD9C501A903323D36E39E28608184BF7799CCEF168B63EA3365316EB6940EFDF2825F1BA90BEF95F55170
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*R..n3.@n3.@n3.@5[.A`3.@5[.A.3.@.^.A|3.@.^.Az3.@.^.A.3.@5[.Az3.@5[.A}3.@n3.@.3.@.].Ao3.@.]u@o3.@.].Ao3.@Richn3.@........................PE..L......e..............................K...........@...........................K.....p\....@.................................Vp..j....`.......................{K..............................{K..................................................... . .P..........................@....rsrc........`......................@....idata .....p......................@... ..+.........................@...odpxvryq......1.....................@...anidzile......K.....................@....taggant.0....K.."..................@...................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_0a90d993-69f2-4264-9cd7-eb811a9372ed.json (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):7539
                                                                                                                                                                                                        Entropy (8bit):5.154985039352641
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:rMvMiHzEcbhbVbTbfbRbObtbyEl7nKJA6unSrDtTZd/S9o:rF1cNhnzFSJ51nSrDhZd/co
                                                                                                                                                                                                        MD5:3E25E50374AE73BA4AEEFC97C9E50499
                                                                                                                                                                                                        SHA1:5CCA18FAA239260088CB4FE1892461B461346E1A
                                                                                                                                                                                                        SHA-256:E534B3832D8E679B97C6EA42757C28160AA7F28B809CA601FBC1D53E9D6021D3
                                                                                                                                                                                                        SHA-512:D8725287D6811996B3A610F37049E63653E5FE6516CF17A15798B471F9F0003090467FE0969E653C49AD5D71445F2F608C1509009174AB326FCAC52F6C31EBFE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"type":"uninstall","id":"0a90d993-69f2-4264-9cd7-eb811a9372ed","creationDate":"2024-02-21T17:54:04.696Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"a12d1cd1-4ce7-42ab-ae29-5c019c43f6ba","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

                                                                                                                                                                                                        C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_0a90d993-69f2-4264-9cd7-eb811a9372ed.json.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):7539
                                                                                                                                                                                                        Entropy (8bit):5.154985039352641
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:rMvMiHzEcbhbVbTbfbRbObtbyEl7nKJA6unSrDtTZd/S9o:rF1cNhnzFSJ51nSrDhZd/co
                                                                                                                                                                                                        MD5:3E25E50374AE73BA4AEEFC97C9E50499
                                                                                                                                                                                                        SHA1:5CCA18FAA239260088CB4FE1892461B461346E1A
                                                                                                                                                                                                        SHA-256:E534B3832D8E679B97C6EA42757C28160AA7F28B809CA601FBC1D53E9D6021D3
                                                                                                                                                                                                        SHA-512:D8725287D6811996B3A610F37049E63653E5FE6516CF17A15798B471F9F0003090467FE0969E653C49AD5D71445F2F608C1509009174AB326FCAC52F6C31EBFE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"type":"uninstall","id":"0a90d993-69f2-4264-9cd7-eb811a9372ed","creationDate":"2024-02-21T17:54:04.696Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"a12d1cd1-4ce7-42ab-ae29-5c019c43f6ba","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

                                                                                                                                                                                                        C:\Users\user\AppData\Local\AdobeUpdaterV131\AdobeUpdaterV131.exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1902080
                                                                                                                                                                                                        Entropy (8bit):7.950529300938905
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:6tKUuIjJaao7Fi0FB65JaMPy4RzA0ine8PXhsEh9jwE+:6tWRYr5JaMVzAG8PXh3h6D
                                                                                                                                                                                                        MD5:07D7F9FCE107448C2D383A87DE39AFB2
                                                                                                                                                                                                        SHA1:D9C377345BEDF6B6F26C165A454138DE19A206EB
                                                                                                                                                                                                        SHA-256:27E53850B7B9483834898B605F6DCF4B0C1B71BD1671864A5BC408929C7AB548
                                                                                                                                                                                                        SHA-512:8EA1C6F4CD0DDE7A7A22E686E94D9EFDCD6BA405936CD9C501A903323D36E39E28608184BF7799CCEF168B63EA3365316EB6940EFDF2825F1BA90BEF95F55170
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*R..n3.@n3.@n3.@5[.A`3.@5[.A.3.@.^.A|3.@.^.Az3.@.^.A.3.@5[.Az3.@5[.A}3.@n3.@.3.@.].Ao3.@.]u@o3.@.].Ao3.@Richn3.@........................PE..L......e..............................K...........@...........................K.....p\....@.................................Vp..j....`.......................{K..............................{K..................................................... . .P..........................@....rsrc........`......................@....idata .....p......................@... ..+.........................@...odpxvryq......1.....................@...anidzile......K.....................@....taggant.0....K.."..................@...................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\14176628-93e1-457e-9b22-cde9964429c2.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):69697
                                                                                                                                                                                                        Entropy (8bit):6.1027479997132
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:PNLUfEugGYeUJaJnqnXUcHPGWv/sxtw3dsVx0FFog7VLyMV/Yosf:6su3eqnqkWv/4KKVGLlVeZosf
                                                                                                                                                                                                        MD5:DF827FCA374E5E729F2B18F004DC8E9D
                                                                                                                                                                                                        SHA1:122B543DC881C08A126FE7434FE4E7BAAA62C1F9
                                                                                                                                                                                                        SHA-256:751785E22C74D5082AC1815AC79B9B5D5D8E7B8D461D40FD3654ADDC18160BA7
                                                                                                                                                                                                        SHA-512:75882A4062AA80A63E7D698A05EFD5500F98DC24D043E7D14EA74B17F6E5FEE90D410F47EBB5661BDC512A9FF86D8B465499F39FCC8447545FB53ACA5B13CB78
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"270EEF00BF873436BAE0FD02F259866ED05E6988F78734E2F33D6DB953BC6531\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1708533521"},"domain_actions_config":"H4sIAAAAAAAAAO19WZMjt5HwX5noJ9shoqd7Lo33SSvLR9iyHLIcivg2HB0oAKxCFwqoxkGy6PB/30wU2cewCmRWa/fl2weNutlMnIm8j39dfWOl857/45sfNsp7LdXVb/91xfveaMGjdjZc/fa//vnVVe/gA63wt39dWd7B166+k7X6xzdXX13Focffe+6j5uZH1RsuVKdshL9tuEn4x29gSPWzqv6s4/WHd5/Yu49vfvXnP/70/V++emN0q978QYnW/frNt413nbr+9Ja9Ze8+vPua3by9ffN3vuZeH8Fw2usb+MunTx/fXf37q8f1jLDPV6Tgqz+5VtnpNT0H/p37q4uPZ/A4gnzx8bPv4yo+f/4f2fznz7D591+/f88+vT/d+/jnm5sPb9mHD6fb/19f09QNAFJ9azTM90dtYyjfx8l3Dwv811VQYiWaVeIrLmVGvMpzCz9d/cG52qjD2q7+Dfj59F2vOrcB+P+6+l4L74Jbx4wy

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\170ac27f-30cf-40bf-9606-bab2288da6c7.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\23fe8ea8-9997-4487-af59-f7be8665f240.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):57643
                                                                                                                                                                                                        Entropy (8bit):6.103912197771939
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7ynlPGWv/sxtwKj7VLyMV/YoskFoz:z/0+zI7yn1v/4KcVeZoskG
                                                                                                                                                                                                        MD5:6854452D21AED524C2088502062CBC58
                                                                                                                                                                                                        SHA1:0780AEF6A9B87E32FAAB88CCD4B222729E04543A
                                                                                                                                                                                                        SHA-256:6AFB3B9C4E36FFB81B822E0B5B1C1E4F7339A6AA45EF3542D8EA8D47BE4241FD
                                                                                                                                                                                                        SHA-512:9382AFC52C6D7CEB44940825226862F5A5FFB43FED1C3BA9E0F3EB31D98A2C50D3B9FAA54BD43EE83B4844F9C13BE2998782DB35CC3013F5DEED23F370EF1B77
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2592495d-d3fe-4496-8179-e699987e1c38.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):58612
                                                                                                                                                                                                        Entropy (8bit):6.103021154161598
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:t/Ps+wsI7yOajU/PGWv/sxtw3j7VLyMV/YoskFoL:t/0+zI7yOB/v/4K/VeZoske
                                                                                                                                                                                                        MD5:890B3BDE12E60E5EDEF1FCA02AB65ECE
                                                                                                                                                                                                        SHA1:700EF575A0DE7BD64B8F5AEA863571F84D600606
                                                                                                                                                                                                        SHA-256:87363F46BC03F847697B1C0991D9678DE22BF378020CE53B64137528529696D5
                                                                                                                                                                                                        SHA-512:A73BDE77613DA016FF19794521D260704222AACA7B1D0EFA8C394979779B97382D4F4F869AECEC789ED8548CD4FE5105816047C0C6DC0FE3903F9629D9A79EF8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1708533521"},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0V

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\29549b7a-474f-4724-b897-ccb00a9ff6e1.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):57683
                                                                                                                                                                                                        Entropy (8bit):6.1036849632337145
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yOUU/PGWv/sxtw3j7VLyMV/YoskFo6:z/0+zI7yO5/v/4K/VeZosk/
                                                                                                                                                                                                        MD5:3EF08BAC264CBE6DEF9EF9D4648CC343
                                                                                                                                                                                                        SHA1:E5C03E66FBE9D7347B9149485CE7609AAE90E42E
                                                                                                                                                                                                        SHA-256:CB6FA5D532562E9E877FEE841CE1544F3FD1F447962CB7CFDFC540CC00F099C2
                                                                                                                                                                                                        SHA-512:ACD53A10A41979F60AAB99F7FE0CAF3A078CA9CBC79A86F758D81C023423C6A096F2A5BD42F618A58E57C7AD829FC23CD8370B024F47C7524EACE0939D4BA38D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2b5e59e8-b167-44d6-b77e-5a9d9249bedf.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):55992
                                                                                                                                                                                                        Entropy (8bit):6.102839679001268
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7ynePGWv/sxtwE7VLyMV/YoskFoN:z/0+zI7yn6v/4KuVeZoskc
                                                                                                                                                                                                        MD5:1746286F5C78D3AC509AA8D1D52B62CF
                                                                                                                                                                                                        SHA1:E5A5DA11231301C62F91B6E8E73753657D024DB6
                                                                                                                                                                                                        SHA-256:2F1D5DC02D27BCFC3236F15592AFD75EAC2376141AB6AB1337579323D08F5378
                                                                                                                                                                                                        SHA-512:F77807591935A2208D3AC9E0C5B5BB79EFB69931740DE1654194A19184511C25D17E9B9E30A01035B730C575C17783E461B3C1F9F575B70C2ECE5890C9C64042
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\31ffe71f-a404-47eb-9360-4de52cb1e550.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):69697
                                                                                                                                                                                                        Entropy (8bit):6.102736790946229
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:PNLUfEugGYeUJaJnqnXUfPGWv/sxtw3dsVx0FFog7VLyMV/Yosf:6su3eqnqkfv/4KKVGLlVeZosf
                                                                                                                                                                                                        MD5:C5563DAE258BD710C621100C41269D20
                                                                                                                                                                                                        SHA1:5552A0129A5D8D7ED4551458082735704955E370
                                                                                                                                                                                                        SHA-256:BE2D151D084FF78306142AFCF513FC313FB8823A81770D49AC22F4F347039148
                                                                                                                                                                                                        SHA-512:77D367898039563E143649C1EB04096DE24CB5420A3F3F747DBF4CEA2A2859E2484CA6BDB53EEB9D557B42995BA20DDEB4A9C800C93870E5C950CE7C156B689A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"270EEF00BF873436BAE0FD02F259866ED05E6988F78734E2F33D6DB953BC6531\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1708533521"},"domain_actions_config":"H4sIAAAAAAAAAO19WZMjt5HwX5noJ9shoqd7Lo33SSvLR9iyHLIcivg2HB0oAKxCFwqoxkGy6PB/30wU2cewCmRWa/fl2weNutlMnIm8j39dfWOl857/45sfNsp7LdXVb/91xfveaMGjdjZc/fa//vnVVe/gA63wt39dWd7B166+k7X6xzdXX13Focffe+6j5uZH1RsuVKdshL9tuEn4x29gSPWzqv6s4/WHd5/Yu49vfvXnP/70/V++emN0q978QYnW/frNt413nbr+9Ja9Ze8+vPua3by9ffN3vuZeH8Fw2usb+MunTx/fXf37q8f1jLDPV6Tgqz+5VtnpNT0H/p37q4uPZ/A4gnzx8bPv4yo+f/4f2fznz7D591+/f88+vT/d+/jnm5sPb9mHD6fb/19f09QNAFJ9azTM90dtYyjfx8l3Dwv811VQYiWaVeIrLmVGvMpzCz9d/cG52qjD2q7+Dfj59F2vOrcB+P+6+l4L74Jbx4wy

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4b72b6ff-25d4-404b-b0c7-c791456135c0.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103065745187042
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7ynnPGWv/sxtwe7VLyMV/YoskFo6:z/0+zI7ynXv/4KcVeZosk/
                                                                                                                                                                                                        MD5:7DB3C36CBA7DE4F6262A811A2FCB2DCC
                                                                                                                                                                                                        SHA1:D551BE22FB8906F2420198543373300B4FC98412
                                                                                                                                                                                                        SHA-256:EA20B433275CA087236FE82BDEBA4979A2AC6CA3CDBBB2AAEE8D4D96CF87225C
                                                                                                                                                                                                        SHA-512:D29FE179D63D859191CB6E0CF056404381EB404AFA3F4E5243B852E7FF6834351C81D7AE6B79A18B5D3A8F581AFEB92C307986E296545D4A554AC992322A13B9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\53701859-bc6b-4c89-b191-fcc88a3e39c7.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):69697
                                                                                                                                                                                                        Entropy (8bit):6.102742608819093
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:PNLUfEugGYeUJaJnqaXUEPGWv/sxtw3dsVx0FFog7VLyMV/Yosf:6su3eqnqlQv/4KKVGLlVeZosf
                                                                                                                                                                                                        MD5:AFC33FDA0B02077E199FE983B1BCA91D
                                                                                                                                                                                                        SHA1:E5EDAE7507199E555A1BE7139E6706A1DC3FE42F
                                                                                                                                                                                                        SHA-256:89F468EE00390FD9D4233718F7EC252F71F5BAC7C0879E8C01A9839E736E5F2B
                                                                                                                                                                                                        SHA-512:499173EB85909EC9A88CC48F506205F93B8B66F5FA344DEB6BCC185B620A21F12DDFE5B65E927046579D687050A304A483E1F0E5CDCDA941692D20E0A69B4B21
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"270EEF00BF873436BAE0FD02F259866ED05E6988F78734E2F33D6DB953BC6531\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1708533521"},"domain_actions_config":"H4sIAAAAAAAAAO19WZMjt5HwX5noJ9shoqd7Lo33SSvLR9iyHLIcivg2HB0oAKxCFwqoxkGy6PB/30wU2cewCmRWa/fl2weNutlMnIm8j39dfWOl857/45sfNsp7LdXVb/91xfveaMGjdjZc/fa//vnVVe/gA63wt39dWd7B166+k7X6xzdXX13Focffe+6j5uZH1RsuVKdshL9tuEn4x29gSPWzqv6s4/WHd5/Yu49vfvXnP/70/V++emN0q978QYnW/frNt413nbr+9Ja9Ze8+vPua3by9ffN3vuZeH8Fw2usb+MunTx/fXf37q8f1jLDPV6Tgqz+5VtnpNT0H/p37q4uPZ/A4gnzx8bPv4yo+f/4f2fznz7D591+/f88+vT/d+/jnm5sPb9mHD6fb/19f09QNAFJ9azTM90dtYyjfx8l3Dwv811VQYiWaVeIrLmVGvMpzCz9d/cG52qjD2q7+Dfj59F2vOrcB+P+6+l4L74Jbx4wy

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\57cc1498-2640-4ebd-a500-0d7ad9878920.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56773
                                                                                                                                                                                                        Entropy (8bit):6.103370682002962
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yntDjPGWv/sxtw7j7VLyMV/YoskFoN:z/0+zI7yntDbv/4K7VeZoskc
                                                                                                                                                                                                        MD5:9BEC00C628941FEDB74B3D719011D43E
                                                                                                                                                                                                        SHA1:86D0C3B159242E48DD7718BAC715D3E49D3BC40F
                                                                                                                                                                                                        SHA-256:4FF59CDA4C3B7E8D16F880E65964B4D7BB0F9C8C0F79B93C331BA512576A5C47
                                                                                                                                                                                                        SHA-512:24EA1706B303A41FB9DC1A5DAB1103CC42E21AE823CF3F85BC474AB39698AD5661F1A4F85DE27DEFAE22763A558ADB492A17CA3350D728151FFC37D1BA9CEBC0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\580341b9-15c1-4872-992e-402bef30947f.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):58612
                                                                                                                                                                                                        Entropy (8bit):6.103091057141218
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:3/Ps+wsI7yOaXU/PGWv/sxtw3j7VLyMV/YoskFoL:3/0+zI7yOl/v/4K/VeZoske
                                                                                                                                                                                                        MD5:ED568CF9B5A1AFBE6046E88576C30A8B
                                                                                                                                                                                                        SHA1:0B8B3CDBF9795A37DB62BFE2F8AA0E99819997FB
                                                                                                                                                                                                        SHA-256:253CEB867D4BF20570E1B7B692DB6AC517C574B4F056069982ACF77845B750BD
                                                                                                                                                                                                        SHA-512:7C18934E66932CF305FFF47BED9DC6FC2D4D67E02C8D8D52AD6723B8BBF1EFB34127768DAB761CC9B000D9EA8EAE45F49FF88C44497702586CA8534D0660A334
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"270EEF00BF873436BAE0FD02F259866ED05E6988F78734E2F33D6DB953BC6531\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1708533521"},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0V

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\612d466c-17f6-49c9-859a-86478a57f022.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                        Size (bytes):56773
                                                                                                                                                                                                        Entropy (8bit):6.103370682002962
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yntDjPGWv/sxtw7j7VLyMV/YoskFoN:z/0+zI7yntDbv/4K7VeZoskc
                                                                                                                                                                                                        MD5:9BEC00C628941FEDB74B3D719011D43E
                                                                                                                                                                                                        SHA1:86D0C3B159242E48DD7718BAC715D3E49D3BC40F
                                                                                                                                                                                                        SHA-256:4FF59CDA4C3B7E8D16F880E65964B4D7BB0F9C8C0F79B93C331BA512576A5C47
                                                                                                                                                                                                        SHA-512:24EA1706B303A41FB9DC1A5DAB1103CC42E21AE823CF3F85BC474AB39698AD5661F1A4F85DE27DEFAE22763A558ADB492A17CA3350D728151FFC37D1BA9CEBC0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\67c0bc45-4b26-406d-9042-bd108f6658ee.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                        Size (bytes):57643
                                                                                                                                                                                                        Entropy (8bit):6.103912197771939
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7ynlPGWv/sxtwKj7VLyMV/YoskFoz:z/0+zI7yn1v/4KcVeZoskG
                                                                                                                                                                                                        MD5:6854452D21AED524C2088502062CBC58
                                                                                                                                                                                                        SHA1:0780AEF6A9B87E32FAAB88CCD4B222729E04543A
                                                                                                                                                                                                        SHA-256:6AFB3B9C4E36FFB81B822E0B5B1C1E4F7339A6AA45EF3542D8EA8D47BE4241FD
                                                                                                                                                                                                        SHA-512:9382AFC52C6D7CEB44940825226862F5A5FFB43FED1C3BA9E0F3EB31D98A2C50D3B9FAA54BD43EE83B4844F9C13BE2998782DB35CC3013F5DEED23F370EF1B77
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6c00b2a2-c5aa-40e1-9561-6d85912a9947.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):57623
                                                                                                                                                                                                        Entropy (8bit):6.103920967562867
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7ynmU2PGWv/sxtwnj7VLyMV/YoskFo6:z/0+zI7ynbCv/4KvVeZosk/
                                                                                                                                                                                                        MD5:74CC78DB791579C4AFD6A3C3F33172C4
                                                                                                                                                                                                        SHA1:03C1F22615ACDD4D41678AB5533AF3BD97D3794B
                                                                                                                                                                                                        SHA-256:4B2F9534823FBDAF61CE30C1F01EADB83E38A955935DD4D2C1ED8A325FCE6DB8
                                                                                                                                                                                                        SHA-512:47C15B33CC1F706E0108E9B26BFDAFAEFCFDD702E849DD5CD736BBDF63057202FAC2F284A0612468038CF241EB844A810C4806004E3627602FC4C475C0AFEFAA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\87876dc6-335e-4bf0-bc5e-e9e7e3cabb31.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):69697
                                                                                                                                                                                                        Entropy (8bit):6.102743461666708
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:PNLUfEugGYeUJaJnqnXUEPGWv/sxtw3dsVx0FFog7VLyMV/Yosf:6su3eqnqkQv/4KKVGLlVeZosf
                                                                                                                                                                                                        MD5:DBC74D48FA55DE9BAEB4DE9723E94E02
                                                                                                                                                                                                        SHA1:F5D9F276E8542FA6BDF362132AE2386ACB4DBEC6
                                                                                                                                                                                                        SHA-256:0C89635A6B4A98B4BF0FD69491DC5D1C468100506CB3177E7A931CDA59D47ABA
                                                                                                                                                                                                        SHA-512:DD3D82BF19B07585446DCE42BB6420DA1E5367985C905D913569D0959BF2565FEE6BE0526FB55076B700B55ADA085A583157B706EFC588719F6CB22D69345A87
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"270EEF00BF873436BAE0FD02F259866ED05E6988F78734E2F33D6DB953BC6531\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1708533521"},"domain_actions_config":"H4sIAAAAAAAAAO19WZMjt5HwX5noJ9shoqd7Lo33SSvLR9iyHLIcivg2HB0oAKxCFwqoxkGy6PB/30wU2cewCmRWa/fl2weNutlMnIm8j39dfWOl857/45sfNsp7LdXVb/91xfveaMGjdjZc/fa//vnVVe/gA63wt39dWd7B166+k7X6xzdXX13Focffe+6j5uZH1RsuVKdshL9tuEn4x29gSPWzqv6s4/WHd5/Yu49vfvXnP/70/V++emN0q978QYnW/frNt413nbr+9Ja9Ze8+vPua3by9ffN3vuZeH8Fw2usb+MunTx/fXf37q8f1jLDPV6Tgqz+5VtnpNT0H/p37q4uPZ/A4gnzx8bPv4yo+f/4f2fznz7D591+/f88+vT/d+/jnm5sPb9mHD6fb/19f09QNAFJ9azTM90dtYyjfx8l3Dwv811VQYiWaVeIrLmVGvMpzCz9d/cG52qjD2q7+Dfj59F2vOrcB+P+6+l4L74Jbx4wy

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\96fab5d0-2f71-4beb-8b39-d434ae19e3dc.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):58612
                                                                                                                                                                                                        Entropy (8bit):6.103093295414703
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:3/Ps+wsI7yOayU/PGWv/sxtw3j7VLyMV/YoskFoL:3/0+zI7yOy/v/4K/VeZoske
                                                                                                                                                                                                        MD5:52B902A00C58556F0E3ED539488A0C26
                                                                                                                                                                                                        SHA1:FC2CB95A73E73B2D29A8DC1EAA0BF905DE168CDA
                                                                                                                                                                                                        SHA-256:DB1FD6943C1AAD317AA67E427917AF9A28239F7868B8DAB1FD5744DD3A521734
                                                                                                                                                                                                        SHA-512:E61375E3317DF78632AD83EAE2B37A3F07DFA36470B8101B219E3910F662A7098FB6946E869AEC4338AD9E7401ACDF7785E01266C532931E67A8310940039BA8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"270EEF00BF873436BAE0FD02F259866ED05E6988F78734E2F33D6DB953BC6531\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1708533521"},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0V

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\a3570c27-4cc9-4285-ab7d-58fd6974a6c5.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):101305
                                                                                                                                                                                                        Entropy (8bit):4.632245064501217
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:W/lv4EsaMN2QFs5Vdj34Psia5++tDulXrYdvaYahc+:+w2QK5VdjIG+S8cd1Gc+
                                                                                                                                                                                                        MD5:210719E2CEE9F074514E9B834043EE55
                                                                                                                                                                                                        SHA1:890CCC8B02021E782D4756F898EE939DC9F26035
                                                                                                                                                                                                        SHA-256:BF55D4120D85B5EBAF86AE7A9374FA1B1E88E4DE54FC42772034B8E6F168CE4D
                                                                                                                                                                                                        SHA-512:D66517D26976932ABD0AE03EB09CD08CD5C4D3CA2E601820A6C68598931A6ED3D5FB8DFECFA07C7A20772C4FE2D2F73094E0EC9F8ED83AACADDC4C090AC9D2F4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):101305
                                                                                                                                                                                                        Entropy (8bit):4.632245064501217
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:W/lv4EsaMN2QFs5Vdj34Psia5++tDulXrYdvaYahc+:+w2QK5VdjIG+S8cd1Gc+
                                                                                                                                                                                                        MD5:210719E2CEE9F074514E9B834043EE55
                                                                                                                                                                                                        SHA1:890CCC8B02021E782D4756F898EE939DC9F26035
                                                                                                                                                                                                        SHA-256:BF55D4120D85B5EBAF86AE7A9374FA1B1E88E4DE54FC42772034B8E6F168CE4D
                                                                                                                                                                                                        SHA-512:D66517D26976932ABD0AE03EB09CD08CD5C4D3CA2E601820A6C68598931A6ED3D5FB8DFECFA07C7A20772C4FE2D2F73094E0EC9F8ED83AACADDC4C090AC9D2F4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                        MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                        SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                        SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                        SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                        MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                        SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                        SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                        SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-65D615AA-229C.pma

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                        Entropy (8bit):0.04707285798381894
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:rBS0m5tminOAUiYTJ8STlGaDrZjU8gHXMA2rIIkkQlaw2IYhDkNie71gQM123f1o:NS0UtpuAp9qhQHhg52v1z08T2RGOD
                                                                                                                                                                                                        MD5:AC9A8C628D6993B929EEFB82BF2BCE69
                                                                                                                                                                                                        SHA1:20F63B0749650F4A7E22A6448C301DCF5C7381D4
                                                                                                                                                                                                        SHA-256:FA3BF48F2D3137420A173B847C66B6362649D3E9E44FEA5C9F51F476ACAE889B
                                                                                                                                                                                                        SHA-512:796CF8C775619D0A88241E3420E56FF90030B24A6FAA6BE151F39ACAEAEFFC123FA7673BD23E41F9D0BBFDF2A854AEEAE62F30FBD49E436544E1F16F74BCBB23
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...@..@...@.....C.].....@................j...Y..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".cgpgfb20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..U.>.........."....."...24.."."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2.......y...... .2.......,...... .`2.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-65D615AA-22D4.pma

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                        Entropy (8bit):0.04756793577500564
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:NT30pqtminOAUSYjJ8STlGaDrZjU8gHXW2RIDkkQlaw2IYhDkNaeTRQcLC3Vln8H:130ctpOApxqhQH1K3Vl08T2RGOD
                                                                                                                                                                                                        MD5:046FA59BC59DFC47BC9DEAB9C9B7745D
                                                                                                                                                                                                        SHA1:F00464E882653BDDC6C978FA0FCD310D1C0E20C3
                                                                                                                                                                                                        SHA-256:C260D56A521849D8F7FE8A6EE63F12766FF41F8FF8A68D4D2D0CA8C7033912D1
                                                                                                                                                                                                        SHA-512:815386374DE0C10F4702D33EF11FD71E918F5A714476892F499CACBC98DA8FDF3375CD11275071E637892D87B8B20335C2AEDFBC9AEA5E8D095E61D4328B1345
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...@..@...@.....C.].....@................k...Z..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".cgpgfb20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..U.>.........."....."...24.."."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................. .`2................ .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-65D615AA-2378.pma

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                        Entropy (8bit):0.04085793287105388
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:H90o3tmP6raZtJXCqltLuLyTfDVg8XSb1ckI6T+DhPcNIno1gQs4I/On8y08TcmQ:d0stqxaGKzi9hUgAgsIm08T2RGOD
                                                                                                                                                                                                        MD5:589C2AB489A30CA7DB6B8185280DE8F6
                                                                                                                                                                                                        SHA1:897A3E2CC87F889C511E189060D718BD80F20107
                                                                                                                                                                                                        SHA-256:99BE604612B1DE34F0DCF0616FC56677B5452C048BB3E8C9AAE51D032CAB8FE4
                                                                                                                                                                                                        SHA-512:E0FFA1CB3631964BD5C2DD26B756186D860E1CDC8F242827DBAADECAEC742C4539AA11C9103A4A8C8B16AE7AF5AAED71C4B64FB5DE6CA5BEF3C32073ED75EC25
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...@..@...@.....C.].....@...............xb..0R..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....d.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".cgpgfb20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..U.>.........."....."...2...".*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z........................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-65D6270B-2608.pma

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                        Entropy (8bit):0.585373626714438
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:huCCx7vsE1XXaH9GhD5Lq9nDYRaHn0vEO1lSOUO:i1XqAhYHe
                                                                                                                                                                                                        MD5:0542D17EB8EF19F75C17884B24610606
                                                                                                                                                                                                        SHA1:067F0B97A7341B453985BD0E100677016AE67E58
                                                                                                                                                                                                        SHA-256:8FFE6474D8B9DFDEA2211074D3E2CC4E1D376A30745486E35400621FCF56429B
                                                                                                                                                                                                        SHA-512:B7CDD16613928A9D7661E4E8736F42F58DCF6CE1657DA50B99162F882822EFAF06EE94EEA51B44E6A76522182AB6F9EAB85E232A08A1025BFF012821AD7E66D5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...@..@...@.....C.].....@...............h]...\..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".cgpgfb20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..U?:K..>.........."....."...24.."."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................ .2........6......

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):280
                                                                                                                                                                                                        Entropy (8bit):4.16517681506792
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:FiWWltlrPYjpVjP9M4UcLH3RvwAH/llwBVP/Sh/Jzv/jSIHmsdJEU9VUn5lt:o1rPWVjWZq3RvtNlwBVsJDL7b/3U7
                                                                                                                                                                                                        MD5:C847567DEE0317368C1EC824DE025887
                                                                                                                                                                                                        SHA1:554098F22FEA9282FE1AAB35560849CD6FF546B1
                                                                                                                                                                                                        SHA-256:3CF2B1CBE4F4CCFC640BCF581FD4D9FC84254D2B3839C96EA4909B61AAF28932
                                                                                                                                                                                                        SHA-512:A976744405F6ABEBFB7513A3A6A776680334BB94A9E52AEEFE2B05259BCB3CF9781B1CCDA3655D8AA4C1E923143168F29EF3208F81ABCB93AFF5215ED3798219
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:sdPC.....................!...W.F....+F."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................8889edf7-b09d-4a45-9ea5-adabbfd01bb9............

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\16b929b1-08ed-4816-943b-8806d391f43d.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9759
                                                                                                                                                                                                        Entropy (8bit):5.123093042687094
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:st2kdrsVZyaNPmkS3W81bV+FBrQA8QPbYJ:st2ssVZtJmbGFQJ
                                                                                                                                                                                                        MD5:F1284A8720CEBE067EE0273715F4CFFF
                                                                                                                                                                                                        SHA1:9F68FDBB905F8FC841BA6852CCA26C0A0F2023C3
                                                                                                                                                                                                        SHA-256:8F771F2CF90DD144ACA7D5F1568D89B229C3FD02A8490F2E016F4D2BD3FB6A7F
                                                                                                                                                                                                        SHA-512:424570B227B2BC5D7E9A13FB21C6B0BC74880867E441FBB7A0578A4BE62F3FC6E0550ECC9E0CA3BC843F21F6E8BE3E3C532B3FC21AE41522FA7D6CD389520FE9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13353007117195017","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\19270358-717e-425c-b58f-f6ca7beb6d32.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):14255
                                                                                                                                                                                                        Entropy (8bit):5.231169667740136
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:st2J99QTryDioo8abatSuyrs/ZyaNPmk73W8fbV+FxSZesxQmUQQPb5mJ:st2PGoHSuks/ZtJpbGg4aQ5y
                                                                                                                                                                                                        MD5:C0BF1DA9C8C518CDD2A3865C386F5E93
                                                                                                                                                                                                        SHA1:D778737222E879D0616112373CE8D39DE5CB6FCA
                                                                                                                                                                                                        SHA-256:C61A312806F5FD4CD697E598BB4598D469ECBC74E8B46E6DE2BF005BC4E23499
                                                                                                                                                                                                        SHA-512:F19C8C48D0A5985062FC9A143D43BAD949D543AABEC2CC72D28D2D769C8E342FF0DF7F8F6964F758FBC2F11111252B0BC89C42D44C728EE97960C637948A5D84
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13353007117195017","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\28e9cd28-a473-404c-b15e-f5468a8979df.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):35445
                                                                                                                                                                                                        Entropy (8bit):5.558268004248116
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:2WQksXWPomfsl8F1+UoAYDCx9Tuqh0VfUC9xbog/OViJBpErwz1YoqKp8tuY:2WQksXWPomfslu1ja5jpdz1YB5tj
                                                                                                                                                                                                        MD5:2BE4B979847C2AF6A7A8FBC8D7D0CC06
                                                                                                                                                                                                        SHA1:535F32C898288A6CAE7CA0653A83DF20B131C237
                                                                                                                                                                                                        SHA-256:0EAF58A158B2970D04527053A16B8461F457D3E77414CC960FDF4A5B51F62D95
                                                                                                                                                                                                        SHA-512:F564DE1823926B7ABA273951F020574F5AD73167D14DE340A79D9E036B6808D684C8B2DD14D06F69FAEC75CA06A663FE5618C47600AA991392A05AA86AE2796D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13353007116088641","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13353007116088641","location":5,"ma

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3d6f812e-384c-4fed-acbd-9041aac8c3aa.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\54ae6262-17fd-4f0a-9755-45e7d5f405e9.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                        Size (bytes):40390
                                                                                                                                                                                                        Entropy (8bit):5.561984030510847
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:2WQkTKLoLqlXWPomf3l8F1+UoAYDCx9Tuqh0VfUC9xbog/OVIPqJBpErwz1zDqK3:2WQkTQWqlXWPomf3lu1jaNPqjpdz1zG+
                                                                                                                                                                                                        MD5:5239CB1C81C6C471AA62CDE0CB767E51
                                                                                                                                                                                                        SHA1:7DF4A59CBC398143D64D7E2AE422FBF019187E1A
                                                                                                                                                                                                        SHA-256:6B428037C18538916EF91BCC569E26AD5F3EBACBCA7A73B78CAB83617B723BBD
                                                                                                                                                                                                        SHA-512:2617C34CA54849A63169370342B9C1EB88322FD0E1459933020B37090AE5EEEA4F3E4EF405E71FC058B010E7A965EE1ACFD2EBDB34FA13A281CDC50DE6D81C4A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13353007116088641","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13353007116088641","location":5,"ma

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\610b4dea-035f-43c3-bc40-d702599675f9.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):24691
                                                                                                                                                                                                        Entropy (8bit):5.568544907398634
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:23qk0XWPnmfil8F1+UoAYDCx9Tuqh0VfUC9xbog/OVEJBMErwSp8tu4:23qk0XWPnmfilu1jaVjMdRtL
                                                                                                                                                                                                        MD5:32732544E4956920E55E9E8A5CBFA23A
                                                                                                                                                                                                        SHA1:57EA0D9C580FB6B0B2318865F96349368D369D59
                                                                                                                                                                                                        SHA-256:45BC935798DBD8257F608D891089DB516E2D153284CFD812A068D54254E00242
                                                                                                                                                                                                        SHA-512:37921532D72C8017EFD4A905DB8E574274DACF89A87B70AA63207DBB75F309F6BE3E2BD333D1DA2E1AFA133300A5CDCDB50095C96179362B0A37993AEF7ADFAB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13353007116088641","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13353007116088641","location":5,"ma

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6629a567-3859-448e-8eb7-f3262b6da771.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):37150
                                                                                                                                                                                                        Entropy (8bit):5.5640566878441655
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:2WQksXWPomf3l8F1+UoAYDCx9Tuqh0VfUC9xbog/OVIPqJBpErwz1JDqKp8tuH:2WQksXWPomf3lu1jaNPqjpdz1JG5tk
                                                                                                                                                                                                        MD5:56B8EC5E062BB26C22603B5C9807903C
                                                                                                                                                                                                        SHA1:48B7E6748ABF9E576E55674DCD712BCCEBAD86B5
                                                                                                                                                                                                        SHA-256:10B816BBB53DE56F0E01D53D433F43A9D3A9F1076E37300F98EB5323448BF40C
                                                                                                                                                                                                        SHA-512:8E851AD8E95B15CE5E1C50DF0C2B3EB56A76FFEF0FF3D18E51A4130E8B7E90EBAE689F4DB853AD4F5FDF3262B953F1D1BE4A2AB335E9017C3009E99E35236CDB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13353007116088641","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13353007116088641","location":5,"ma

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6855b7d4-be63-4462-ad7d-44deee42d371.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13066
                                                                                                                                                                                                        Entropy (8bit):5.212071177490267
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:st2J99QTryDi6o8abatSuyrsVZyaNPmkS3W81bV+FBrQAHQQPb5mJ:st2PG6HSuksVZtJmbGFQ0y
                                                                                                                                                                                                        MD5:B06BACA18757781470CD06E7AF88A5B7
                                                                                                                                                                                                        SHA1:06D39F8979474E4EF7DE83E7518F1A1BB6B8DB1A
                                                                                                                                                                                                        SHA-256:342FC19C163B50CF8F7F0F934F71FCCAC7732CE674679E0D75BFF9B1344E2A71
                                                                                                                                                                                                        SHA-512:A3217E2F7B6B2424EEDB9D814B8CAB7284C50D13C767C0192CA8126F42144C761131FFFC3BFDCD76BA67A808180AC5E3FD09E49F9E8499373FC3527E43F498C1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13353007117195017","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\889207d7-0b9f-489b-ac10-29a2e8814b41.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):14211
                                                                                                                                                                                                        Entropy (8bit):5.233057009119588
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:st2J99QTryDioo8abatSuyrsVZyaNPmk73W8fbV+FxSZesxQmEQQPb5mJ:st2PGoHSuksVZtJpbGg4aQ9y
                                                                                                                                                                                                        MD5:49AA5D9AF9D2EB6022129DF01F9603F1
                                                                                                                                                                                                        SHA1:9E01F279973A32844B5B594370E690097B29CE35
                                                                                                                                                                                                        SHA-256:CB532E16A51935199833F49C81C693A8E34056E3F32F8F722995811F076843F2
                                                                                                                                                                                                        SHA-512:D038E192BE98D6BFF38DD26A227A8E0EF7DEE1DF41BA0FAB4998A206DE4AFCEB755672BE6488CD50A6F14F2407A4FB70295EC666E60CCD0798C57EAE0082791D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13353007117195017","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9876d273-27dd-4706-8836-5efa7d98f4e7.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):35446
                                                                                                                                                                                                        Entropy (8bit):5.558284874514727
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:2WQksXWPomf3l8F1+UoAYDCx9Tuqh0VfUC9xbog/OViJBpErwz1JoqKp8tuNH:2WQksXWPomf3lu1ja5jpdz1JB5tS
                                                                                                                                                                                                        MD5:DDDB65D1FC8F52CAA04A026C4D70E4E0
                                                                                                                                                                                                        SHA1:18AC05B0E17B8DBB35FB022CABA6DD9BD52C4D16
                                                                                                                                                                                                        SHA-256:079F97DB22980E83E8647C2DF1DE272B02CF226106A25298DA6AD188AD8A8F6D
                                                                                                                                                                                                        SHA-512:89D0702BEB82CE3AA5BE01D5F1FEAF7E3AFF90FD71ADAC09ED419986F797DF95FB8B70E8B494446310472BDAD93BDC88F6ABCA49DCC5D62AF3DAADC14680484E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13353007116088641","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13353007116088641","location":5,"ma

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:MANIFEST-000001.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:MANIFEST-000001.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):315
                                                                                                                                                                                                        Entropy (8bit):5.29679358347407
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAQi6q1cNwi23oH+Tcwtp3hBtB2KLltRAQurL+q2PcNwi23oH+Tcwtp3hBWsIF2:rKNVZYebp3dFLDKBryvLZYebp3eFUv
                                                                                                                                                                                                        MD5:4AA7979581C7D5F85BFDEA37A4BBD105
                                                                                                                                                                                                        SHA1:BAA3C4E8AC8A9B3A005E8C93AC9000F4A5BF6A22
                                                                                                                                                                                                        SHA-256:63E61D54B496859AB560A850367FF97942A0638CA1E4B8A42C1AA3D06EF3203D
                                                                                                                                                                                                        SHA-512:D296DF87345B9D7D072853E136DB558521ABA007A7EE9FBA45814FF52D85F1E39CAFA2FA46A97C62F5B9FDDE1DF63262B6390316676343C1538FE27FDBC31F8A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:53.649 24a8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/02/21-17:38:53.687 24a8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1976688
                                                                                                                                                                                                        Entropy (8bit):5.147719762598727
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:k0fTjgukKIshbVym1kAofENU/ifYcwn9deR:k0fBwmAn9deR
                                                                                                                                                                                                        MD5:FFEF9491D575ACC00810663F499936DF
                                                                                                                                                                                                        SHA1:7C46B38D94B563397E09DFF65049A91B569F5C95
                                                                                                                                                                                                        SHA-256:358BCCD76E7EDD5527ADEDC5E1A41D5F154907B864D66F551BA20D958B0C9058
                                                                                                                                                                                                        SHA-512:21B651855C39D53B6DEAC4DF16031BD87383E98476F72C6825E1626EB6C3DE5BEF9D836FE4BA98BCDEA8670334D34AAE9B245716247B5E79C4F4705865A88B6B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...m.................DB_VERSION.1.....................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340965219355520.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):342
                                                                                                                                                                                                        Entropy (8bit):5.175989620753139
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRIIq2PcNwi23oH+Tcwt9Eh1tIFUt8KRWZmw+KRGVFWGPkwOcNwi23oH+Tcwt9Er:rDvLZYeb9Eh16FUt8KU/+KwV54ZYeb9O
                                                                                                                                                                                                        MD5:1C2A2BE54AA3984AD277B21851468138
                                                                                                                                                                                                        SHA1:EFFD20D119F4E74E7F1917FA864A8F1DCFD83A6A
                                                                                                                                                                                                        SHA-256:EE15BAEB3FD13C74961A4F0F78F3EF6B117B7F61089F08E2133912B8104737DE
                                                                                                                                                                                                        SHA-512:A3DB0992BD58D55A2001A8F82A28547C05BB19C58C2443BCBB305DAB169882BC43354BF0E6AD88D3D3D408CF338D37C9AFEACD0D28D1E228E19DF81DB73B1EA2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:41:56.553 3c44 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/02/21-17:41:56.555 3c44 Recovering log #3.2024/02/21-17:41:56.580 3c44 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):342
                                                                                                                                                                                                        Entropy (8bit):5.175989620753139
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRIIq2PcNwi23oH+Tcwt9Eh1tIFUt8KRWZmw+KRGVFWGPkwOcNwi23oH+Tcwt9Er:rDvLZYeb9Eh16FUt8KU/+KwV54ZYeb9O
                                                                                                                                                                                                        MD5:1C2A2BE54AA3984AD277B21851468138
                                                                                                                                                                                                        SHA1:EFFD20D119F4E74E7F1917FA864A8F1DCFD83A6A
                                                                                                                                                                                                        SHA-256:EE15BAEB3FD13C74961A4F0F78F3EF6B117B7F61089F08E2133912B8104737DE
                                                                                                                                                                                                        SHA-512:A3DB0992BD58D55A2001A8F82A28547C05BB19C58C2443BCBB305DAB169882BC43354BF0E6AD88D3D3D408CF338D37C9AFEACD0D28D1E228E19DF81DB73B1EA2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:41:56.553 3c44 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/02/21-17:41:56.555 3c44 Recovering log #3.2024/02/21-17:41:56.580 3c44 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old~RF55490.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):342
                                                                                                                                                                                                        Entropy (8bit):5.175989620753139
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRIIq2PcNwi23oH+Tcwt9Eh1tIFUt8KRWZmw+KRGVFWGPkwOcNwi23oH+Tcwt9Er:rDvLZYeb9Eh16FUt8KU/+KwV54ZYeb9O
                                                                                                                                                                                                        MD5:1C2A2BE54AA3984AD277B21851468138
                                                                                                                                                                                                        SHA1:EFFD20D119F4E74E7F1917FA864A8F1DCFD83A6A
                                                                                                                                                                                                        SHA-256:EE15BAEB3FD13C74961A4F0F78F3EF6B117B7F61089F08E2133912B8104737DE
                                                                                                                                                                                                        SHA-512:A3DB0992BD58D55A2001A8F82A28547C05BB19C58C2443BCBB305DAB169882BC43354BF0E6AD88D3D3D408CF338D37C9AFEACD0D28D1E228E19DF81DB73B1EA2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:41:56.553 3c44 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/02/21-17:41:56.555 3c44 Recovering log #3.2024/02/21-17:41:56.580 3c44 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                                                        Entropy (8bit):0.5060398096170102
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBD3nFJ/:TouQq3qh7z3bY2LNW9WMcUvBD3FJ
                                                                                                                                                                                                        MD5:E5689288890B011B36E37C503EAC9D8E
                                                                                                                                                                                                        SHA1:9F3A594A15B77D4AB65B7180899F5E803BDEC2D7
                                                                                                                                                                                                        SHA-256:91063D75DE664EB2FA52982D02D1FEBEBC7BDF6A3DA730895FE18C357ED12F3D
                                                                                                                                                                                                        SHA-512:D5BB6340C0CF03CB0B9F8B849B7E34813FCDF9C64EF56FAA4E9D3A53225BCC6994C9AD3774414A91D401029B8786DC08574E6B81B036F6AA41BC23438DC022B2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                        Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                        MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                        SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                        SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                        SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):800837
                                                                                                                                                                                                        Entropy (8bit):6.007974331872854
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:3+k5cybl1CBO6T3PylHXac11tAmZ3FYVDGVFsvFSpNu375vUxfXOJbgIwUI+IhJ3:3uybl1WEHptAmZaYQFN3MeBgINkg8
                                                                                                                                                                                                        MD5:9719E4E34235B7662DF263150CDF0B52
                                                                                                                                                                                                        SHA1:22A8AA1E15A8972375CAE8C161B4D6AFDD3FF2D9
                                                                                                                                                                                                        SHA-256:CFB4B8273480E1A8DF54118ACCB88CAF02434ABCC3441C3670B16E9FF37E66D2
                                                                                                                                                                                                        SHA-512:55311B5A7D35CF357CAA3E032AC2979F73425785B1182BE731CE18BE1DE03C640571437A5BF3388368A2A6C251E4CD0D02C58076153B55B7B714FDDC127830E1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...m.................DB_VERSION.1`i...................BLOOM_FILTER:..0{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":4753419,"primeBases":[5381,5381,5381,5381],"supportedDomains":"5eiUpv0RJiQN6jBRdq9Nos1sKYADLDvvKQg7QPyAZBKiLwMkRykyS6FaL/r/WZqdElPTumxuXXgJ4KOMxczTVEVjtFv8FFl/B0AzCkBXWN7nCy8xN7c4obD846rr6u777edqQXt4QtMY3fbne752vqOQFnvWSpabMmOMuD6eXGIJVe4xhPgSEgg6jY1L5BpHvLz3WL+xzJ1Nw8oCHSlXCSAauxpuXQqIDA8aaaLIQRg+P4AtZeGqOesAYWdGUDrBcLAn8tTvr97gbldT3z0xo13Z3WEUm0AM4FcwAyc0OsUhgGVB95yCYq0aRhpAgpY4TJw9VIn+3eleJX8/v9ZVormM/r6ITNKaH6r7IwCXEBbAAeATyOeVptCdbDzAKUFcOx/F8aBCGfTCCDzvdprWxoihcYxb6NCOI5hJmSDH8JDSUsFJn6NZj0bxpo1R47AHK9hqIPWfZqhDMjozjDHvXxCvY/4qf6cWbtyNWsovA8jb/ZQ/ilACdMRDMDNXNohCEBYZeh/RquA1Qzq0uCLC9qZU+CZXMTjkLgTvpklaqHHwaL7wmRgTAGj7bHvTY8ABDDxoIii8LJswRZOSB4sQm51GibvkG1RTPf/2vNuvq9eoUrTaP5LpynDy0CZ0NUY4kEAiQJwE0HzSL1AGrjIusYnciXXKdsFitfstwTgjoHNz562R+5prFtDT7hqRVS4+YvC7Psxer0yUmqzJOACbzDECDwo8b0BuGAS/dfpHcQJ6t3Dsur1lUFDEWiWScBiI9pcOWdBX0UKi1EKfksBYsDbE2bvjYLr1IGR

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000004.log

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):142
                                                                                                                                                                                                        Entropy (8bit):5.054121232288017
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:25rUvX38E28xp4m3rscUSVdahdR9pNlf+nETPxpK2x7L/kOCo27n:21EX38D8xSEsIVdopv+n0PxEWXYo27n
                                                                                                                                                                                                        MD5:B5E9C886F063792D48124BBFCEB5B14E
                                                                                                                                                                                                        SHA1:E1D3BE96EF8DA29C58748B8957E5C9C6C6B3D63D
                                                                                                                                                                                                        SHA-256:9C344AE4258685F16FCE305E337DBB706D9CB5D0F058625DE2D521AA8BA2DFA7
                                                                                                                                                                                                        SHA-512:B3270F20E432D68FF747F4780BBCC52B3FC288BDBDBDCFB50024BDBFA304664E79E04EF59F003BD394F0BB646732259169071CE4811CB7AE588A45717F832B3C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:g...9................BLOOM_FILTER_EXPIRY_TIME:.1708619933.371184....G................BLOOM_FILTER_LAST_MODIFIED:.Wed, 21 Feb 2024 13:40:08 GMT

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000005.ldb

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):800777
                                                                                                                                                                                                        Entropy (8bit):6.006986780319706
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:M+k5Zybl1CYi6T3Py+HXack1t/m+3FIVD0DFsoFUpNu3m4vU2fX6JVgqwUIQIhJf:Mbybl1fVHkt/m++kBF33LKLgqB6gS
                                                                                                                                                                                                        MD5:355C8BA56EF393E82FA820100BACB8BB
                                                                                                                                                                                                        SHA1:09C9ADE69D4CB52126F76A71E0209ADBDDECAE06
                                                                                                                                                                                                        SHA-256:A18F779C1D7CFA5B6CE89D3F6BF8E5BB5B4BC4D424E2D064B4F64B59A0A02187
                                                                                                                                                                                                        SHA-512:B45F39DE5493390ECFC566AF6B4BD81C70445A6E2305D7CC33789B11EB0BC864A10C26CCFAC6C3393F45C4F4FED3555832F2F6B6255FB32C141523796ABBD3C8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:....0BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":4753419,"primeBases":[5381,5381,5381,5381],"supportedDomains":"5eiUpv0RJiQN6jBRdq9Nos1sKYADLDvvKQg7QPyAZBKiLwMkRykyS6FaL/r/WZqdElPTumxuXXgJ4KOMxczTVEVjtFv8FFl/B0AzCkBXWN7nCy8xN7c4obD846rr6u777edqQXt4QtMY3fbne752vqOQFnvWSpabMmOMuD6eXGIJVe4xhPgSEgg6jY1L5BpHvLz3WL+xzJ1Nw8oCHSlXCSAauxpuXQqIDA8aaaLIQRg+P4AtZeGqOesAYWdGUDrBcLAn8tTvr97gbldT3z0xo13Z3WEUm0AM4FcwAyc0OsUhgGVB95yCYq0aRhpAgpY4TJw9VIn+3eleJX8/v9ZVormM/r6ITNKaH6r7IwCXEBbAAeATyOeVptCdbDzAKUFcOx/F8aBCGfTCCDzvdprWxoihcYxb6NCOI5hJmSDH8JDSUsFJn6NZj0bxpo1R47AHK9hqIPWfZqhDMjozjDHvXxCvY/4qf6cWbtyNWsovA8jb/ZQ/ilACdMRDMDNXNohCEBYZeh/RquA1Qzq0uCLC9qZU+CZXMTjkLgTvpklaqHHwaL7wmRgTAGj7bHvTY8ABDDxoIii8LJswRZOSB4sQm51GibvkG1RTPf/2vNuvq9eoUrTaP5LpynDy0CZ0NUY4kEAiQJwE0HzSL1AGrjIusYnciXXKdsFitfstwTgjoHNz562R+5prFtDT7hqRVS4+YvC7Psxer0yUmqzJOACbzDECDwo8b0BuGAS/dfpHcQJ6t3Dsur1lUFDEWiWScBiI9pcOWdBX0UKi1EKfksBYsDbE2bvjYLr1IGRSmcBhOlc9WRJREJ98GsG2b7yaGDBqxKyAJVOC7OALNXO

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):518
                                                                                                                                                                                                        Entropy (8bit):5.2644690504590095
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:rKWTHM+vLZYebn9GFUt8KKWT0/+KKWT6MV54ZYebn95Z9tKGf0DKlVfnaLoKKKlP:OWT9lYeb9ig87WTVWTHoYeb9z+HmlgHx
                                                                                                                                                                                                        MD5:C3BAC400AA2014038C3248ADAF9080C9
                                                                                                                                                                                                        SHA1:A1159C53864D2FFCBE854D477B6DB3EBD637BB9E
                                                                                                                                                                                                        SHA-256:FF84B07AEF29AB51680C6179A24008E638B23B44D1826FEBD5DB33BF15C3F17B
                                                                                                                                                                                                        SHA-512:63A6C103F1E8D94DE1E2E079E2B8A25076F998F31C8B2A1260412A496DF06E8555A7C0615938F1D27C44FA1129FC8A9426A16D1F22D54EF169034012D95DE290
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:36.106 216c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/02/21-17:38:36.142 216c Recovering log #3.2024/02/21-17:38:36.150 216c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/02/21-17:38:53.431 23fc Level-0 table #5: started.2024/02/21-17:38:53.463 23fc Level-0 table #5: 800777 bytes OK.2024/02/21-17:38:53.464 23fc Delete type=0 #3.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):518
                                                                                                                                                                                                        Entropy (8bit):5.2644690504590095
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:rKWTHM+vLZYebn9GFUt8KKWT0/+KKWT6MV54ZYebn95Z9tKGf0DKlVfnaLoKKKlP:OWT9lYeb9ig87WTVWTHoYeb9z+HmlgHx
                                                                                                                                                                                                        MD5:C3BAC400AA2014038C3248ADAF9080C9
                                                                                                                                                                                                        SHA1:A1159C53864D2FFCBE854D477B6DB3EBD637BB9E
                                                                                                                                                                                                        SHA-256:FF84B07AEF29AB51680C6179A24008E638B23B44D1826FEBD5DB33BF15C3F17B
                                                                                                                                                                                                        SHA-512:63A6C103F1E8D94DE1E2E079E2B8A25076F998F31C8B2A1260412A496DF06E8555A7C0615938F1D27C44FA1129FC8A9426A16D1F22D54EF169034012D95DE290
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:36.106 216c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/02/21-17:38:36.142 216c Recovering log #3.2024/02/21-17:38:36.150 216c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/02/21-17:38:53.431 23fc Level-0 table #5: started.2024/02/21-17:38:53.463 23fc Level-0 table #5: 800777 bytes OK.2024/02/21-17:38:53.464 23fc Delete type=0 #3.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):103
                                                                                                                                                                                                        Entropy (8bit):5.2678980147138414
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjqSljyhinpqpKxFxN3erkEtl:scoBY7jqStxpSKxFDkHl
                                                                                                                                                                                                        MD5:B0AF665DD02E796C1709D8EFADF97DEA
                                                                                                                                                                                                        SHA1:FA5D247124D94D90109636E5309A759C47C61BFA
                                                                                                                                                                                                        SHA-256:99D67F9F324D1AEC59B0B334018E1B5997073B2845A9629103CCD9F937BF4003
                                                                                                                                                                                                        SHA-512:7E0B3581D3B4391BB1FF7C4903624B3FE5F82F420011AD7AEBC41C76A1B7042EABC3DC18F6E03BFA50DF91976D1E7C6F9F0C6EE85DA4B183F71AF7F471625AD7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator.......T.7...............0.BLOOM_FILTER:.........DB_VERSION........

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):0.6139345810634487
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:TLs9pRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mWeh3wNtjMA+:TLapR+DDNzWjJ0npnyXKUO8+j4Vpk4mL
                                                                                                                                                                                                        MD5:BBB76D1B7A292DD6187197C8FC7412F8
                                                                                                                                                                                                        SHA1:DB1EA2CD35EF39A957412830A0DCBD474ADD90C0
                                                                                                                                                                                                        SHA-256:82EA3ACA49531933CC2965CD6048B472EB21B8E0096ABAEAA318A9596210A99B
                                                                                                                                                                                                        SHA-512:CA514BC9541E5699F4E7BE8B894D850BE4C1180377A1BFB2BC0717CF938E01EDF387EA2A0382B303C89568323E4C4F1C3FD6D357EF1CBA25B8AAF3DDEA9A7991
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:MANIFEST-000001.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):392649
                                                                                                                                                                                                        Entropy (8bit):5.409262685759893
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:jz/imDpx6WsPS6KW4Hu5MURa8q49QxxCnyEndBuHltBfdK5WNbsVEkiPqCfXtLPJ:juJMqq49cEndBuHltBfdK5WNbsVEkiP9
                                                                                                                                                                                                        MD5:C512DD5F685C761220953F322512FB1D
                                                                                                                                                                                                        SHA1:11E995E5A2B383DD4F6D55FB95E4B75A0A88F71B
                                                                                                                                                                                                        SHA-256:E0EA730A6D9A66165C9DAB95280DCE800B20F3B6BA7AAE1D0109A0789CB1FA92
                                                                                                                                                                                                        SHA-512:C2E8EEA0005235B850CD1432505BBD6EE2FDA6941563A183BC35B057BD8C9A108E159C50E79DE30C04B7F284B8697D336E5D408FB152E63E88680DD72941C281
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...m.................DB_VERSION.1!..j................&QUERY_TIMESTAMP:domains_config_gz2.*.*.13353007136462127..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.75/asset?sv=2017-07-29&sr=c&sig=%2Fwp1fD0xo8ywYyo5yFzHEjCMobUSk%2BZ4nmFYB%2FqjsBg%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-05-01T00%3A00%3A00Z&sp=r&assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":75},"hash":"EwG2gkfquexLj6u3yjHyiL4YQwdU318k1Hub+1rSDMI=","size":391864}]....}...............ASSET_VERSION:domains_config_gz.2.8.75..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko":

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:MANIFEST-000001.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):317
                                                                                                                                                                                                        Entropy (8bit):5.214929063025037
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAQgNq1cNwi23oH+Tcwtk2WwnvB2KLltRAQAC1L+q2PcNwi23oH+Tcwtk2Wwnvh:rKiZYebkxwnvFLDKjMyvLZYebkxwnQF2
                                                                                                                                                                                                        MD5:FAD63DE8E1CAFD09276E8B5BAD0F8D50
                                                                                                                                                                                                        SHA1:86FD8B6D893688BADFDD87F3D285D7FF450412BE
                                                                                                                                                                                                        SHA-256:E6AB1D097D62E3F5AF13A1E4F3F0FBF13818C7C9FA14CE32EECDA3E640589FC6
                                                                                                                                                                                                        SHA-512:FDF09D7B263D6AA53D3CE5FA4C34CF91B44AD32FC5B229571F8F9B68D09AD1877C672047059FBB58C263CEB2AB2A846D3696CCBA86A8350B641689023237B14B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:55.561 2f18 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/02/21-17:38:55.983 2f18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):374811
                                                                                                                                                                                                        Entropy (8bit):5.396172020180511
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:dWLgimLVvUrsc6rRA81b/18jyJNjfvrfM6Ro:cLBgAg1zfvg
                                                                                                                                                                                                        MD5:C8059D3922E348433BB19364C002487D
                                                                                                                                                                                                        SHA1:DA0F90A99917C14E19CAFD13318134BDFD8F9648
                                                                                                                                                                                                        SHA-256:6E27E454D0A605FF7225CCD3177CB8778F0ADFC11D08BE5AAAEF4ED38597335F
                                                                                                                                                                                                        SHA-512:438C75A4086F3239FAD22DAEBB1E9FA2BDFA79999859531CEA5BEA8671D26AEFD502DC4FC8E6CBFFED07935F509B292E6AE7560F53FD21FB41A7B731BFA7EF7D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):418
                                                                                                                                                                                                        Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                        MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                        SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                        SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                        SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):330
                                                                                                                                                                                                        Entropy (8bit):5.230343563100285
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWTa4+q2PcNwi23oH+Tcwt8aPrqIFUt8KRAWTFKZmw+KRAWT+4VkwOcNwi23oD:rKWTSvLZYebL3FUt8KKWTQ/+KKWT1546
                                                                                                                                                                                                        MD5:6327C7F56FDA62C9146CA478E8973D05
                                                                                                                                                                                                        SHA1:291644FFADE2C8FBBF9BD5092AEA7B9890275791
                                                                                                                                                                                                        SHA-256:0B07D0A1537706E36844A362E10F3786C75914142FA32C96DB2A69583B7A16BE
                                                                                                                                                                                                        SHA-512:42B5A77034AC49EB4CE3F2ECEC3992C92C39803944957A945788B6C7ED0AEF0525CC5A0EE39273B55F5BFB14FEE005EE8EE750458B88BDCBA2134FDB280F2F59
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:36.133 2458 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/02/21-17:38:36.150 2458 Recovering log #3.2024/02/21-17:38:36.151 2458 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):330
                                                                                                                                                                                                        Entropy (8bit):5.230343563100285
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWTa4+q2PcNwi23oH+Tcwt8aPrqIFUt8KRAWTFKZmw+KRAWT+4VkwOcNwi23oD:rKWTSvLZYebL3FUt8KKWTQ/+KKWT1546
                                                                                                                                                                                                        MD5:6327C7F56FDA62C9146CA478E8973D05
                                                                                                                                                                                                        SHA1:291644FFADE2C8FBBF9BD5092AEA7B9890275791
                                                                                                                                                                                                        SHA-256:0B07D0A1537706E36844A362E10F3786C75914142FA32C96DB2A69583B7A16BE
                                                                                                                                                                                                        SHA-512:42B5A77034AC49EB4CE3F2ECEC3992C92C39803944957A945788B6C7ED0AEF0525CC5A0EE39273B55F5BFB14FEE005EE8EE750458B88BDCBA2134FDB280F2F59
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:36.133 2458 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/02/21-17:38:36.150 2458 Recovering log #3.2024/02/21-17:38:36.151 2458 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):418
                                                                                                                                                                                                        Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                        MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                        SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                        SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                        SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):334
                                                                                                                                                                                                        Entropy (8bit):5.251539536612002
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWTi+q2PcNwi23oH+Tcwt865IFUt8KRAWTAZmw+KRAWTsUtmVkwOcNwi23oH+v:rKWTzvLZYeb/WFUt8KKWTA/+KKWTsUtF
                                                                                                                                                                                                        MD5:70C6247D7A42D15AA40B296EA1D0FBC7
                                                                                                                                                                                                        SHA1:968C2123F1D5DD994A9AE36CC503C02226E3E5A7
                                                                                                                                                                                                        SHA-256:C04B78CCFEF8522E5091DD991835268F24F28366105EC05D9B4D0D6589815B13
                                                                                                                                                                                                        SHA-512:B00437EF3F18798F15E6FD45EA0973015399A57C1FD62944720647B78E6C55F727FC0EFB5A02FE7CD6887A33C801076AA96D67FD549CFBB3998F89AE8EFDCF37
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:36.189 2458 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/02/21-17:38:36.248 2458 Recovering log #3.2024/02/21-17:38:36.251 2458 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):334
                                                                                                                                                                                                        Entropy (8bit):5.251539536612002
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWTi+q2PcNwi23oH+Tcwt865IFUt8KRAWTAZmw+KRAWTsUtmVkwOcNwi23oH+v:rKWTzvLZYeb/WFUt8KKWTA/+KKWTsUtF
                                                                                                                                                                                                        MD5:70C6247D7A42D15AA40B296EA1D0FBC7
                                                                                                                                                                                                        SHA1:968C2123F1D5DD994A9AE36CC503C02226E3E5A7
                                                                                                                                                                                                        SHA-256:C04B78CCFEF8522E5091DD991835268F24F28366105EC05D9B4D0D6589815B13
                                                                                                                                                                                                        SHA-512:B00437EF3F18798F15E6FD45EA0973015399A57C1FD62944720647B78E6C55F727FC0EFB5A02FE7CD6887A33C801076AA96D67FD549CFBB3998F89AE8EFDCF37
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:36.189 2458 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/02/21-17:38:36.248 2458 Recovering log #3.2024/02/21-17:38:36.251 2458 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1254
                                                                                                                                                                                                        Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                        MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                        SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                        SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                        SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):330
                                                                                                                                                                                                        Entropy (8bit):5.180392020930249
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWN34q2PcNwi23oH+Tcwt8NIFUt8KRAW03JZmw+KRAW03DkwOcNwi23oH+TcwY:rKWNIvLZYebpFUt8KKWI/+KKWQ54ZYey
                                                                                                                                                                                                        MD5:F99C28EE56FA81BB5B9FABF98D709FE0
                                                                                                                                                                                                        SHA1:B69A371BBCE1F0C329C6615328124635432E6922
                                                                                                                                                                                                        SHA-256:21E24E7E51F6E4270BA8F80F892FE807AA5521173830DD09EF614E35EB80FC64
                                                                                                                                                                                                        SHA-512:16FC3271B8C1EDE76BDF82568F9B364326BAFA46B61C453499F8F4934B9CBC1EF5D0301C3DD955ADE02B8A47C016C59ABCED38C81A3CBCF3AA5C6695B1F578C7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:37.702 2514 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/02/21-17:38:37.707 2514 Recovering log #3.2024/02/21-17:38:37.707 2514 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):330
                                                                                                                                                                                                        Entropy (8bit):5.180392020930249
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWN34q2PcNwi23oH+Tcwt8NIFUt8KRAW03JZmw+KRAW03DkwOcNwi23oH+TcwY:rKWNIvLZYebpFUt8KKWI/+KKWQ54ZYey
                                                                                                                                                                                                        MD5:F99C28EE56FA81BB5B9FABF98D709FE0
                                                                                                                                                                                                        SHA1:B69A371BBCE1F0C329C6615328124635432E6922
                                                                                                                                                                                                        SHA-256:21E24E7E51F6E4270BA8F80F892FE807AA5521173830DD09EF614E35EB80FC64
                                                                                                                                                                                                        SHA-512:16FC3271B8C1EDE76BDF82568F9B364326BAFA46B61C453499F8F4934B9CBC1EF5D0301C3DD955ADE02B8A47C016C59ABCED38C81A3CBCF3AA5C6695B1F578C7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:37.702 2514 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/02/21-17:38:37.707 2514 Recovering log #3.2024/02/21-17:38:37.707 2514 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):429
                                                                                                                                                                                                        Entropy (8bit):5.809210454117189
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                        MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                        SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                        SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                        SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 13, cookie 0x8, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                                                        Entropy (8bit):2.8710641412909226
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:rBCyPJNxK5/vEhHNxirDiJuuoKwDYjDTXH9wQInmBgyelS9nsH4/AztcARj2:NNxLK9oLsWJPo1k3NwHqgOsHXzCAN
                                                                                                                                                                                                        MD5:AEC5E847C6D557BA539E7267229C0E05
                                                                                                                                                                                                        SHA1:D7540AB063EAC59E45BED6618141657A5CA1F840
                                                                                                                                                                                                        SHA-256:B1FFECCAF5B46D8FF16EBC41CF3AB6ADA004E8AB846BD9301E699EF4CB058A69
                                                                                                                                                                                                        SHA-512:93C81A1429ABF1802698C646C4C6EC51215A632FA757A4BE7670C23A4D2DABA21E58A4EE0ACB97213F48AD38EB69038B17B31A321DDB3C7827304ACE0EB5F3D6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):155648
                                                                                                                                                                                                        Entropy (8bit):0.7545569274074545
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:lALtU65hH+bDo3iN0Z2TVJkXBBE3ybBwLd:lUK65hIU3iGAIBBE3qqd
                                                                                                                                                                                                        MD5:6D88E8A0EC6210644D36ED00D5573E3C
                                                                                                                                                                                                        SHA1:32393354B0B439355D362E5DE6CFA8FE33C519F2
                                                                                                                                                                                                        SHA-256:02BA1EF737335A4165005CB4A4FD15CF04B17C2655096F999D6C96AB4277B0A5
                                                                                                                                                                                                        SHA-512:931D3D974D86B8A4C332D8125225FE502C4EE4271093B2AEC1D2A00BD3B46840A8D1453E25E442E8E5838D71F7665B78260673374B85A113EDE7BB186D891F67
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8720
                                                                                                                                                                                                        Entropy (8bit):0.2181099731442955
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:p7tFlljq7A/mhWJFuQ3yy7IOWUNTQdweytllrE9SFcTp4AGbNCV9RUIcRn:O75fOnTQd0Xi99pEYyn
                                                                                                                                                                                                        MD5:AD3FCC58897A52DE97FF27899E20D5C3
                                                                                                                                                                                                        SHA1:1C45740A370751138A0CF9CE055AC1FC494FC72E
                                                                                                                                                                                                        SHA-256:8B7352E400B2A3F853DD5399271FB43565CC22C65006485699EC98254F909C6B
                                                                                                                                                                                                        SHA-512:C413173E66AB130FD80D354537B1B63DA618982A77B164A352B4A20D0CC21C220A564D515941B364E40A589590373D884C4BFCB329DD322A2F5283185D68E7E3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:............(h.t...&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):115717
                                                                                                                                                                                                        Entropy (8bit):5.183660917461099
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                        MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                        SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                        SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                        SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                                                        Entropy (8bit):3.6481260415575596
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:aj9P012QkQerkjlxP/KbtLcg773pL9hCgam6ItRKToaAu:adPe2mlxP/Ng7Pv9RKcC
                                                                                                                                                                                                        MD5:8D3B8E3A72C40BAD6B53D27E09419923
                                                                                                                                                                                                        SHA1:561B9DDED7215DE5C2D7E4FDB64D5EB8A010A62C
                                                                                                                                                                                                        SHA-256:4C7F428D712485570F5840B0FA241809A64B9AF4D3BB4055663DAED3F371F09C
                                                                                                                                                                                                        SHA-512:B77E85B650C227FBAE00CBCBF0C87D6C883ABEAA0255D740CDFA2EE41E2E6E5DEB971CF51649C3399815AC058F1B175C7BBF2FC3CEC983B6ACEF67C2323EB624
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000001.dbtmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:MANIFEST-000001.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):232027
                                                                                                                                                                                                        Entropy (8bit):6.081952108719382
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:pbIdI1OKvyCukKe/HWDn06o/4gsW8INey9DyIKop4Fs6mDuRy1oAuQ:7OKLl
                                                                                                                                                                                                        MD5:545FD09A9BFBCA39218213E6AD3F653D
                                                                                                                                                                                                        SHA1:7FDD8BABCC64A0183DFE26257FB0E8B80C1899D4
                                                                                                                                                                                                        SHA-256:D57A292124600E0800C3AE7559A9A8AD2FE4AB564CDC22F3C55A2157048D8D6D
                                                                                                                                                                                                        SHA-512:15001619AF5FF5BE760F0B9136962AF29FE8F7EC515B595270753F357D8D405C138CCCE532F38962FB2A2A8E7AEDEE01AED4EF66974511B4615C2FB5BD543643
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:. ......................2......."....................................xw:hv........................K.......h.t.t.p.s._.w.w.w...y.o.u.t.u.b.e...c.o.m._.0.@.1..Y.t.I.d.b.M.e.t.a....................R.g.L.............................2.......................2........................L.................................2....d.a.t.a.b.a.s.e.s......2........a.c.t.u.a.l.N.a.m.e......2..........2..........2..........2..........2..........2.............d.a.t.a.b.a.s.e.s........2.........2...........................2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2.......................d.a.t.a.b.a.s.e.s...... .................2.................2.................2.................2.................2.................2.................2.................2.................2.................2.................2......

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:MANIFEST-000001.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):361
                                                                                                                                                                                                        Entropy (8bit):5.309768771964687
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rR6Xt3ERM1cNwi23oH+TcwtEqSAxG7RB2KLltRzdb4q2PcNwi23oH+TcwtEqSAxA:rUXuR2ZYebXG7RFLDxB4vLZYebXG7iF2
                                                                                                                                                                                                        MD5:0B2A35C52C5E5D73DA3EB0C9BCDD12B4
                                                                                                                                                                                                        SHA1:718AE2103DB1AFF49B1DA1503245174B68B50A29
                                                                                                                                                                                                        SHA-256:27AAA0EF5C6693E40CDB8E17193814D311C4A988B3DDB2578985C06FBF744DEC
                                                                                                                                                                                                        SHA-512:DF1C97DA17B659A56B7845A59109AB79147303BE76E3DAB7ECD9609738ECEECC3F1010C552344FB06A93E673323012858E759F7FD0E0C866284129F1EAC366E4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:39:22.232 1a24 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb since it was missing..2024/02/21-17:39:22.358 1a24 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb/MANIFEST-000001.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):23
                                                                                                                                                                                                        Entropy (8bit):4.142914673354254
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:Fdb+4Ll:Zl
                                                                                                                                                                                                        MD5:3FD11FF447C1EE23538DC4D9724427A3
                                                                                                                                                                                                        SHA1:1335E6F71CC4E3CF7025233523B4760F8893E9C9
                                                                                                                                                                                                        SHA-256:720A78803B84CBCC8EB204D5CF8EA6EE2F693BE0AB2124DDF2B81455DE02A3ED
                                                                                                                                                                                                        SHA-512:10A3BD3813014EB6F8C2993182E1FA382D745372F8921519E1D25F70D76F08640E84CB8D0B554CCD329A6B4E6DE6872328650FEFA91F98C3C0CFC204899EE824
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:........idb_cmp1......

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):414
                                                                                                                                                                                                        Entropy (8bit):5.292504861936821
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:rKjvLZYeb8rcHEZrELFUt8KK//+KKt54ZYeb8rcHEZrEZSJ:OjlYeb8nZrExg87W/oYeb8nZrEZe
                                                                                                                                                                                                        MD5:5BEBE534E25A8AAF2EF5C0B8BB330362
                                                                                                                                                                                                        SHA1:0366AFB6EBB3F825B81211F8DC0180A7F233CC28
                                                                                                                                                                                                        SHA-256:28C46375BFF3B7268D0B022B3DA297701E4D0819D91818002132DBF10DA57FEB
                                                                                                                                                                                                        SHA-512:DE2547A4A6B61775B3F1D7ECC005D019418FDA2AD0B159C616D66888ECEDD43BB084D6F2E6B23DCAD9C9875A88FC74A51DE4604C2234817547A4741EDCB8A268
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:53.137 2514 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/02/21-17:38:53.138 2514 Recovering log #3.2024/02/21-17:38:53.138 2514 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):414
                                                                                                                                                                                                        Entropy (8bit):5.292504861936821
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:rKjvLZYeb8rcHEZrELFUt8KK//+KKt54ZYeb8rcHEZrEZSJ:OjlYeb8nZrExg87W/oYeb8nZrEZe
                                                                                                                                                                                                        MD5:5BEBE534E25A8AAF2EF5C0B8BB330362
                                                                                                                                                                                                        SHA1:0366AFB6EBB3F825B81211F8DC0180A7F233CC28
                                                                                                                                                                                                        SHA-256:28C46375BFF3B7268D0B022B3DA297701E4D0819D91818002132DBF10DA57FEB
                                                                                                                                                                                                        SHA-512:DE2547A4A6B61775B3F1D7ECC005D019418FDA2AD0B159C616D66888ECEDD43BB084D6F2E6B23DCAD9C9875A88FC74A51DE4604C2234817547A4741EDCB8A268
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:53.137 2514 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/02/21-17:38:53.138 2514 Recovering log #3.2024/02/21-17:38:53.138 2514 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2149
                                                                                                                                                                                                        Entropy (8bit):5.702313904117639
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:FCgGE5PE/+DWsEMSyQfneO5PE/VDR2KHjPd6I1D4xu3:F9ZPE/oWsEM2ecPE/NR/HjPd/t4xu3
                                                                                                                                                                                                        MD5:2BD89CD772A8742169AFAA5661A26421
                                                                                                                                                                                                        SHA1:D3EB35000E60B86A3ADC0C9E365553437AE5DFFF
                                                                                                                                                                                                        SHA-256:9C3BBE392E7E2B2A0C0AC45EBA5621420D2B0ECE75774E654577756EA0AD8E09
                                                                                                                                                                                                        SHA-512:6F9B00B6FA0ADD01D9D7855CA9FD78CCF49DC006E84CB12325B531F031E0846FB2DF1469382AF9EB77244132EB6FA6A74C0D1587FB319CD376E590BF63FAA9AA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:@y..(................VERSION.1..META:https://www.facebook.com..........]."_https://www.facebook.com..Session..jk2rew:1708533556726.'_https://www.facebook.com..hb_timestamp..1708533524944.1_https://www.facebook.com..signal_flush_timestamp..1708533524962.0_https://www.facebook.com..__test__1708533520563.&_https://www.facebook.com..check_quota.'_https://www.facebook.com..mutex_banzai.9_https://www.facebook.com..mutex_falco_queue_critical^$^$.<_https://www.facebook.com..mutex_falco_queue_immediately^$^$.4_https://www.facebook.com..mutex_falco_queue_log^$^$8....................META:https://www.youtube.com..........t.6_https://www.youtube.com..ytidb::LAST_RESULT_ENTRY_KEYW.{"data":{"hasSucceededOnce":true},"expiration":1711125563923,"creation":1708533563923}.._https://www.youtube.com..__sakQ...S............... META:https://accounts.google.com.#_https://accounts.google.com..__sak...#................META:https://www.facebook.com............"_https://www.facebook.com..Session..lua0n8:17085

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):342
                                                                                                                                                                                                        Entropy (8bit):5.223719011587069
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWTI1WM+q2PcNwi23oH+Tcwt8a2jMGIFUt8KRAWTWj1Zmw+KRAWTB1WMVkwOcT:rKWTI9+vLZYeb8EFUt8KKWTWj1/+KKWB
                                                                                                                                                                                                        MD5:BFAF25837EC8B72F21870E3AAECE4C44
                                                                                                                                                                                                        SHA1:7570AFEB1E0289BB5B60679E862EB3CF3D9EAFD8
                                                                                                                                                                                                        SHA-256:129FD7FC520736B5F72BAC3C0A7DD3EE4F0139694E954D43BD7F4F724449CB42
                                                                                                                                                                                                        SHA-512:790B4E47827797C39E9CC86BF0EC43E1C4AD527750A0B4EEC2927888B7F52434AB3A367AEE66D755E5039B4FB5F30CF3B155DAA837A2CCE5171408AE0CABB404
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:36.549 27ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/02/21-17:38:36.550 27ac Recovering log #3.2024/02/21-17:38:36.555 27ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):342
                                                                                                                                                                                                        Entropy (8bit):5.223719011587069
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWTI1WM+q2PcNwi23oH+Tcwt8a2jMGIFUt8KRAWTWj1Zmw+KRAWTB1WMVkwOcT:rKWTI9+vLZYeb8EFUt8KKWTWj1/+KKWB
                                                                                                                                                                                                        MD5:BFAF25837EC8B72F21870E3AAECE4C44
                                                                                                                                                                                                        SHA1:7570AFEB1E0289BB5B60679E862EB3CF3D9EAFD8
                                                                                                                                                                                                        SHA-256:129FD7FC520736B5F72BAC3C0A7DD3EE4F0139694E954D43BD7F4F724449CB42
                                                                                                                                                                                                        SHA-512:790B4E47827797C39E9CC86BF0EC43E1C4AD527750A0B4EEC2927888B7F52434AB3A367AEE66D755E5039B4FB5F30CF3B155DAA837A2CCE5171408AE0CABB404
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:36.549 27ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/02/21-17:38:36.550 27ac Recovering log #3.2024/02/21-17:38:36.555 27ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\MediaDeviceSalts

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 6, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):24576
                                                                                                                                                                                                        Entropy (8bit):0.45940558137067217
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:TLiCwbvwsw9VwLwcORslcDw3wJ6UwccI5fBoj/wLRXDv:TxKX0wxORAmA/U1cEBoj/MFDv
                                                                                                                                                                                                        MD5:08AE8F7BFA82CD67747DF06DC4323D85
                                                                                                                                                                                                        SHA1:7BC67B3B7074D0040EA18E0514CE7A9B27B3B938
                                                                                                                                                                                                        SHA-256:CCE2ACF1BA0F68608579D06CD910115F1F2A7896D97114708F70753651BA3E77
                                                                                                                                                                                                        SHA-512:7A79BD704FF008D47F548E48E0F7FEF1F57F63CF19910A5EE6FD4429471790FB28419007C20A7991ADB91301C87F266A3ACC73B3750944C6211517225F767639
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...p."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\0fc65555-50a3-4527-980d-8334d4981e8a.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\4de89c41-d3c6-4331-9161-bd486a4d9f0e.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1618
                                                                                                                                                                                                        Entropy (8bit):5.3035190857054575
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:YcCpWsduCvsafc7leeBRsygCgkhYhbyDF:F2vu22keBxukOhy
                                                                                                                                                                                                        MD5:D07414264D2DA6A121F18223DC50EC04
                                                                                                                                                                                                        SHA1:814D93916C113C3BCB1AFF03A5AB5E9CB2A7BD1E
                                                                                                                                                                                                        SHA-256:D594EC617D902BC5C2742BDF21E9D7DFD29CC95A3C1AA7EC8C2D7BA07417A54B
                                                                                                                                                                                                        SHA-512:93746830632AE0D4E0A764C1226D21474C1282831E1A642ED37973841C5AB1E0FB63F89D55B3ACA3460EC3510D464ABCE7157A5128B5DA694AB3D1A7A53D56A4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\553991f4-7c04-4e19-afff-5f9c55e56c10.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):7201
                                                                                                                                                                                                        Entropy (8bit):5.289943396214859
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:FshK8KZ25yfkqbBoWeyOUASr0Srg9dwNkAOc5Y0+9L1bRfVVt7amG0Ytom:FshK8KZ25ikqbBoWeyOUASr0Srg9dwNx
                                                                                                                                                                                                        MD5:C3CBEECC2DF183EF26537D19B4D3BBDC
                                                                                                                                                                                                        SHA1:7DFB7AE8D97AF1F14723C75E364299A5D4001B50
                                                                                                                                                                                                        SHA-256:794E6F713D099CEEB73B17790119435528E5D1B576D357048A7BBCE24B4F3F32
                                                                                                                                                                                                        SHA-512:14F27867528583EA8AFB26A47E5B84AA78C8F30139A5A2AD0C27128A953A951FED731B93F74E543E6FCCDB47EBA3D4FA2890016983AA64DB47ED738328716265
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13355599118890689","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13355599133698401","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",f

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6f595345-440f-4db7-8102-fd3935c7f4e3.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):692
                                                                                                                                                                                                        Entropy (8bit):5.5547638917670605
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:YWy26A9dn+UAnIwPrnfXI2pcO+UAnIwSSqRIQ8rNgmh4r+UAnIwS8dBS1lR7N+U6:Yh2vEUEDvtSUtSLQkG1KUt8dg1b7wU1Q
                                                                                                                                                                                                        MD5:490A9D00F0CC80F2470570D97C163711
                                                                                                                                                                                                        SHA1:C6E4DCBF218921BE79893C7DE1CEFF2C5B1C14B8
                                                                                                                                                                                                        SHA-256:0DBA0F5B739021414AC515A7C23EE37A5A4B41A2873AF726C5CB8230E78649B2
                                                                                                                                                                                                        SHA-512:3D08A22A5A26A304A8CB5331F102FF3EDFB044A4FBA547F250C4F2F35A12906F07B7D825610750F323F4184BC22B04CE1F4CB1156A98448D998739D77138F475
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"sts":[{"expiry":1724085585.614062,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533585.614068},{"expiry":1740069571.867684,"host":"kYxWDeIDVgesBS02XkmPRTIpB0nkimBvKZESXctn8eA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533571.867688},{"expiry":1740069574.038644,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533574.038648},{"expiry":1740069564.437228,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1708533564.437233}],"version":2}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\816b1000-31f0-4914-921d-20c9556b6d91.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):6567
                                                                                                                                                                                                        Entropy (8bit):5.300401703671517
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:FshK8KZ25AyfkqbBoWN4KS0AheyZHOUYOFZASr0+WL6YwbgczSyYg9dO:FshK8KZ25AikqbBoWN4KS0AheyZHOUYL
                                                                                                                                                                                                        MD5:BD8E4505CD888FBA072D22E98A78F8F9
                                                                                                                                                                                                        SHA1:708FAD3277B0E7AAAA5A6667424975F4C4BBB5FA
                                                                                                                                                                                                        SHA-256:8F84642B0238EB6754D6F6E18EC423664DDCDDDB4A93F02F8DD90C3419596F59
                                                                                                                                                                                                        SHA-512:CEE64289B82B24DEF40946FA2F30E25947CAD3E28AA71D7A41B579AE2C14757876849ACBE1C613E0D91379B6CDFB6AF7F4F2B2284FB5934C20CBD4F9CD0C66CE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13355599118890689","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13355599133698401","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",f

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\835bd054-6219-4024-a075-127f79d44335.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):189
                                                                                                                                                                                                        Entropy (8bit):5.437153200952938
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YWRAWNjPdXcWo4Q+oD/QJ9mRCwXtrpR8HQXwlm9yJUA6XcIR6DghXMqqLX3i5SQ:YWyWNbdXRxAD/8TWdj8wXwlmUUAnIMON
                                                                                                                                                                                                        MD5:013D669A62D7F2031B68F946B54080EF
                                                                                                                                                                                                        SHA1:34441A79572B1915215A25BDE81F31594C1B31D2
                                                                                                                                                                                                        SHA-256:72CD1FC5D28474CF2E7D4322B2144E7099A77795A5376C28B4C0BB044CE3915F
                                                                                                                                                                                                        SHA-512:17BF6E933005B9C1513B628B9A62C5115450FB4E6501C1489217305AD9026978F043346CA966CF76EC7CB024B8510CD933D163BB643EFA874430FA919F3DDE4A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"sts":[{"expiry":1724085526.093414,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533526.093419}],"version":2}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\86985bb4-760c-493c-9a2d-7238cf8c4cf8.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):7202
                                                                                                                                                                                                        Entropy (8bit):5.289760068253188
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:FshK8KZ25AyfkqbBoWeyOUASr0Srg9dwNkKz0AOc5Y0+9L1bRfhs7oYoVL:FshK8KZ25AikqbBoWeyOUASr0Srg9dw6
                                                                                                                                                                                                        MD5:A7BD0F20B647CA941D0D7DB977FB2919
                                                                                                                                                                                                        SHA1:B7BE0D5AD4264FBC5982563043967DCC2501A073
                                                                                                                                                                                                        SHA-256:F25149FD1890463C957B27AB586C4AF07FB1F844EDB9E696776AE6C1035D1634
                                                                                                                                                                                                        SHA-512:C04D5E827832B4FA4D5986B486140097A5F0F39077D9C5127CD88B37293F475BF47641D858A56FA566D1D0BBE1472BC64BCCC9FDFD02E27162F3881E09747D11
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13355599118890689","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13355599133698401","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",f

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\875bc927-d56f-4257-af46-3ddaabece052.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\98eebb7e-c397-49f6-b9b4-5f8cab8c7e1f.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):692
                                                                                                                                                                                                        Entropy (8bit):5.560316823441137
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:YWyL4A9dn+UAnIwAxmnfXI2pcO+UAnIwSSqRIQ8rNgmh4r+UAnIwS8dBS1lR7N+J:YhLdEUkvtSUtSLQkG1KUt8dg1b7wU1Q
                                                                                                                                                                                                        MD5:4637FF198FDE29FEA5E650AEBE84F5CE
                                                                                                                                                                                                        SHA1:5A3C17F22215D4CA05E6C93C256D77108DA8B32B
                                                                                                                                                                                                        SHA-256:88F5DC5FAFC6338912B13F76690E5C56EE49D6709A946639440853F0B3E1A052
                                                                                                                                                                                                        SHA-512:FE41A1B1099B191C8F21B3172008E8A8E1B732F0D2BE32AD7B06D2F0A499DBEF70ED228DF45A0A705D234452BFA22B8B94B51CA4F6F3647649ED57FC5C6CF4D1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"sts":[{"expiry":1724085569.643939,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533569.643943},{"expiry":1740069571.867684,"host":"kYxWDeIDVgesBS02XkmPRTIpB0nkimBvKZESXctn8eA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533571.867688},{"expiry":1740069574.038644,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533574.038648},{"expiry":1740069564.437228,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1708533564.437233}],"version":2}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9d5d6299-232a-4943-b49e-1664cc30f860.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1618
                                                                                                                                                                                                        Entropy (8bit):5.302994819295006
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:YcCpWsduCvsafc7leeBRsygCgkhYhbyD0:F2vu22keBxukOhn
                                                                                                                                                                                                        MD5:90B46E2386024DB7264E402160E5F3B4
                                                                                                                                                                                                        SHA1:3B2E2F784405DFE32CFE038FAF9F0121224877BB
                                                                                                                                                                                                        SHA-256:C56B810798569D26A6B771B8DED39C12F26FAC419F019BC878C6B001FBFA501D
                                                                                                                                                                                                        SHA-512:FA97B24F01A6378FA4A2B3875E9694AC90F0C469E14675FE657DB2F6728C9C9A5D665766F97FE72F533AA89E38C0F0B700C364B85C75867AB6F0083EDD05B186
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1618
                                                                                                                                                                                                        Entropy (8bit):5.302994819295006
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:YcCpWsduCvsafc7leeBRsygCgkhYhbyD0:F2vu22keBxukOhn
                                                                                                                                                                                                        MD5:90B46E2386024DB7264E402160E5F3B4
                                                                                                                                                                                                        SHA1:3B2E2F784405DFE32CFE038FAF9F0121224877BB
                                                                                                                                                                                                        SHA-256:C56B810798569D26A6B771B8DED39C12F26FAC419F019BC878C6B001FBFA501D
                                                                                                                                                                                                        SHA-512:FA97B24F01A6378FA4A2B3875E9694AC90F0C469E14675FE657DB2F6728C9C9A5D665766F97FE72F533AA89E38C0F0B700C364B85C75867AB6F0083EDD05B186
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4559e.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1618
                                                                                                                                                                                                        Entropy (8bit):5.302994819295006
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:YcCpWsduCvsafc7leeBRsygCgkhYhbyD0:F2vu22keBxukOhn
                                                                                                                                                                                                        MD5:90B46E2386024DB7264E402160E5F3B4
                                                                                                                                                                                                        SHA1:3B2E2F784405DFE32CFE038FAF9F0121224877BB
                                                                                                                                                                                                        SHA-256:C56B810798569D26A6B771B8DED39C12F26FAC419F019BC878C6B001FBFA501D
                                                                                                                                                                                                        SHA-512:FA97B24F01A6378FA4A2B3875E9694AC90F0C469E14675FE657DB2F6728C9C9A5D665766F97FE72F533AA89E38C0F0B700C364B85C75867AB6F0083EDD05B186
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4dc33.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1618
                                                                                                                                                                                                        Entropy (8bit):5.302994819295006
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:YcCpWsduCvsafc7leeBRsygCgkhYhbyD0:F2vu22keBxukOhn
                                                                                                                                                                                                        MD5:90B46E2386024DB7264E402160E5F3B4
                                                                                                                                                                                                        SHA1:3B2E2F784405DFE32CFE038FAF9F0121224877BB
                                                                                                                                                                                                        SHA-256:C56B810798569D26A6B771B8DED39C12F26FAC419F019BC878C6B001FBFA501D
                                                                                                                                                                                                        SHA-512:FA97B24F01A6378FA4A2B3875E9694AC90F0C469E14675FE657DB2F6728C9C9A5D665766F97FE72F533AA89E38C0F0B700C364B85C75867AB6F0083EDD05B186
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF513ce.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1618
                                                                                                                                                                                                        Entropy (8bit):5.302994819295006
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:YcCpWsduCvsafc7leeBRsygCgkhYhbyD0:F2vu22keBxukOhn
                                                                                                                                                                                                        MD5:90B46E2386024DB7264E402160E5F3B4
                                                                                                                                                                                                        SHA1:3B2E2F784405DFE32CFE038FAF9F0121224877BB
                                                                                                                                                                                                        SHA-256:C56B810798569D26A6B771B8DED39C12F26FAC419F019BC878C6B001FBFA501D
                                                                                                                                                                                                        SHA-512:FA97B24F01A6378FA4A2B3875E9694AC90F0C469E14675FE657DB2F6728C9C9A5D665766F97FE72F533AA89E38C0F0B700C364B85C75867AB6F0083EDD05B186
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF58322.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1618
                                                                                                                                                                                                        Entropy (8bit):5.302994819295006
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:YcCpWsduCvsafc7leeBRsygCgkhYhbyD0:F2vu22keBxukOhn
                                                                                                                                                                                                        MD5:90B46E2386024DB7264E402160E5F3B4
                                                                                                                                                                                                        SHA1:3B2E2F784405DFE32CFE038FAF9F0121224877BB
                                                                                                                                                                                                        SHA-256:C56B810798569D26A6B771B8DED39C12F26FAC419F019BC878C6B001FBFA501D
                                                                                                                                                                                                        SHA-512:FA97B24F01A6378FA4A2B3875E9694AC90F0C469E14675FE657DB2F6728C9C9A5D665766F97FE72F533AA89E38C0F0B700C364B85C75867AB6F0083EDD05B186
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):36864
                                                                                                                                                                                                        Entropy (8bit):3.03179731427721
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:ifIEumQv8m1ccnvS6Jza72NfeL2yP9DZPBuTLGueFAr:iEpXpa72teL2mFtQOzAr
                                                                                                                                                                                                        MD5:C8CD5A547205C394D37270150BD9986E
                                                                                                                                                                                                        SHA1:69D7D06B0C99975246BFDDE9FEA4413B6AC2761A
                                                                                                                                                                                                        SHA-256:F8953AA1BA2ED0728DF016E7E00EB95E2EA53788B7F2A93D29AE677797559D7D
                                                                                                                                                                                                        SHA-512:F7332A4DD7E5D132ED693D2141AD7E47CD83FA8E352CB3AE6A0C79A677CAA6AB91C96F4CC2B83F80E7AEC68E279971E00BD3E1090464DF89EF8CAEA8ABB8737B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2b5d9.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF532cf.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF5a84d.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):189
                                                                                                                                                                                                        Entropy (8bit):5.437153200952938
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YWRAWNjPdXcWo4Q+oD/QJ9mRCwXtrpR8HQXwlm9yJUA6XcIR6DghXMqqLX3i5SQ:YWyWNbdXRxAD/8TWdj8wXwlmUUAnIMON
                                                                                                                                                                                                        MD5:013D669A62D7F2031B68F946B54080EF
                                                                                                                                                                                                        SHA1:34441A79572B1915215A25BDE81F31594C1B31D2
                                                                                                                                                                                                        SHA-256:72CD1FC5D28474CF2E7D4322B2144E7099A77795A5376C28B4C0BB044CE3915F
                                                                                                                                                                                                        SHA-512:17BF6E933005B9C1513B628B9A62C5115450FB4E6501C1489217305AD9026978F043346CA966CF76EC7CB024B8510CD933D163BB643EFA874430FA919F3DDE4A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"sts":[{"expiry":1724085526.093414,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533526.093419}],"version":2}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF3a9fd.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):189
                                                                                                                                                                                                        Entropy (8bit):5.437153200952938
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YWRAWNjPdXcWo4Q+oD/QJ9mRCwXtrpR8HQXwlm9yJUA6XcIR6DghXMqqLX3i5SQ:YWyWNbdXRxAD/8TWdj8wXwlmUUAnIMON
                                                                                                                                                                                                        MD5:013D669A62D7F2031B68F946B54080EF
                                                                                                                                                                                                        SHA1:34441A79572B1915215A25BDE81F31594C1B31D2
                                                                                                                                                                                                        SHA-256:72CD1FC5D28474CF2E7D4322B2144E7099A77795A5376C28B4C0BB044CE3915F
                                                                                                                                                                                                        SHA-512:17BF6E933005B9C1513B628B9A62C5115450FB4E6501C1489217305AD9026978F043346CA966CF76EC7CB024B8510CD933D163BB643EFA874430FA919F3DDE4A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"sts":[{"expiry":1724085526.093414,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533526.093419}],"version":2}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF3eaee.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):189
                                                                                                                                                                                                        Entropy (8bit):5.437153200952938
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YWRAWNjPdXcWo4Q+oD/QJ9mRCwXtrpR8HQXwlm9yJUA6XcIR6DghXMqqLX3i5SQ:YWyWNbdXRxAD/8TWdj8wXwlmUUAnIMON
                                                                                                                                                                                                        MD5:013D669A62D7F2031B68F946B54080EF
                                                                                                                                                                                                        SHA1:34441A79572B1915215A25BDE81F31594C1B31D2
                                                                                                                                                                                                        SHA-256:72CD1FC5D28474CF2E7D4322B2144E7099A77795A5376C28B4C0BB044CE3915F
                                                                                                                                                                                                        SHA-512:17BF6E933005B9C1513B628B9A62C5115450FB4E6501C1489217305AD9026978F043346CA966CF76EC7CB024B8510CD933D163BB643EFA874430FA919F3DDE4A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"sts":[{"expiry":1724085526.093414,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533526.093419}],"version":2}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF4559e.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):189
                                                                                                                                                                                                        Entropy (8bit):5.437153200952938
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YWRAWNjPdXcWo4Q+oD/QJ9mRCwXtrpR8HQXwlm9yJUA6XcIR6DghXMqqLX3i5SQ:YWyWNbdXRxAD/8TWdj8wXwlmUUAnIMON
                                                                                                                                                                                                        MD5:013D669A62D7F2031B68F946B54080EF
                                                                                                                                                                                                        SHA1:34441A79572B1915215A25BDE81F31594C1B31D2
                                                                                                                                                                                                        SHA-256:72CD1FC5D28474CF2E7D4322B2144E7099A77795A5376C28B4C0BB044CE3915F
                                                                                                                                                                                                        SHA-512:17BF6E933005B9C1513B628B9A62C5115450FB4E6501C1489217305AD9026978F043346CA966CF76EC7CB024B8510CD933D163BB643EFA874430FA919F3DDE4A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"sts":[{"expiry":1724085526.093414,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533526.093419}],"version":2}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF49fd6.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):189
                                                                                                                                                                                                        Entropy (8bit):5.437153200952938
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YWRAWNjPdXcWo4Q+oD/QJ9mRCwXtrpR8HQXwlm9yJUA6XcIR6DghXMqqLX3i5SQ:YWyWNbdXRxAD/8TWdj8wXwlmUUAnIMON
                                                                                                                                                                                                        MD5:013D669A62D7F2031B68F946B54080EF
                                                                                                                                                                                                        SHA1:34441A79572B1915215A25BDE81F31594C1B31D2
                                                                                                                                                                                                        SHA-256:72CD1FC5D28474CF2E7D4322B2144E7099A77795A5376C28B4C0BB044CE3915F
                                                                                                                                                                                                        SHA-512:17BF6E933005B9C1513B628B9A62C5115450FB4E6501C1489217305AD9026978F043346CA966CF76EC7CB024B8510CD933D163BB643EFA874430FA919F3DDE4A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"sts":[{"expiry":1724085526.093414,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533526.093419}],"version":2}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF4ea0e.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):189
                                                                                                                                                                                                        Entropy (8bit):5.437153200952938
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YWRAWNjPdXcWo4Q+oD/QJ9mRCwXtrpR8HQXwlm9yJUA6XcIR6DghXMqqLX3i5SQ:YWyWNbdXRxAD/8TWdj8wXwlmUUAnIMON
                                                                                                                                                                                                        MD5:013D669A62D7F2031B68F946B54080EF
                                                                                                                                                                                                        SHA1:34441A79572B1915215A25BDE81F31594C1B31D2
                                                                                                                                                                                                        SHA-256:72CD1FC5D28474CF2E7D4322B2144E7099A77795A5376C28B4C0BB044CE3915F
                                                                                                                                                                                                        SHA-512:17BF6E933005B9C1513B628B9A62C5115450FB4E6501C1489217305AD9026978F043346CA966CF76EC7CB024B8510CD933D163BB643EFA874430FA919F3DDE4A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"sts":[{"expiry":1724085526.093414,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533526.093419}],"version":2}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\abdb6dbc-e8e3-4437-8bc5-bb6b502cd354.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b4116b2a-8ded-4ac1-8b35-982f2e902dde.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\c44d75c7-41ce-4232-8291-256266d7b598.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):189
                                                                                                                                                                                                        Entropy (8bit):5.427236253963905
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YWRAWNjPdHUR9NKzQ+oD/QJ9mRCwXtrpR8HQXwlm9yJUA6XcIR6DghXMqqLWBQBd:YWyWNbdiYzAD/8TWdj8wXwlmUUAnIMOE
                                                                                                                                                                                                        MD5:2E592F1031F9732D6856EB2D37311084
                                                                                                                                                                                                        SHA1:791CDE5FDC12FE4CBC0A38C55FFC66C55E46F239
                                                                                                                                                                                                        SHA-256:5861011D897547583981401FBCCFDD4AD71E2ADA383993239345CF554A94EB50
                                                                                                                                                                                                        SHA-512:AC4A444B97877BBD1AB6DE49F9E49B52B29C9E68A4C6B436B2C93C2346279DD5E06C98CBF03B31BEC3578353E799BDE483267B2814142C95B7AF47806494134A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"sts":[{"expiry":1724085535.083686,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533535.083691}],"version":2}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\d2a60460-d1ca-478e-beef-94ff7dd00cef.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):691
                                                                                                                                                                                                        Entropy (8bit):5.564510452024294
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:YWy7c+A9dn+UAnIhZc+AnfXI2pcO+UAnIwSSqRIQ8rNgmh4r+UAnIwS8dBRVKlRe:Yh7cbEUxc+GvtSUtSLQkG1KUt8d9Kb7C
                                                                                                                                                                                                        MD5:823283F170A88A13F52D275CA73AE50E
                                                                                                                                                                                                        SHA1:26F0AADE30A8A22C52971B72DA827E66FBF4E17E
                                                                                                                                                                                                        SHA-256:42F9CAF24D68B5232745ACF528ED414EEB633333888948BD2A1EB9782A9D5062
                                                                                                                                                                                                        SHA-512:8A4346B3EC73C95A0180590D0063210D33C924347CC23505DAA597F348881FDE71774AE7472720AC56169A8741CEA80A1C6BBBBF734A539029B54EC4FDCAA481
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"sts":[{"expiry":1724085624.17199,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533624.171994},{"expiry":1740069571.867684,"host":"kYxWDeIDVgesBS02XkmPRTIpB0nkimBvKZESXctn8eA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533571.867688},{"expiry":1740069574.038644,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533574.038648},{"expiry":1740069624.512348,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1708533624.512353}],"version":2}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\db6f2cd2-b54e-4d36-936a-3db6de19b81f.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):523
                                                                                                                                                                                                        Entropy (8bit):5.552728886054625
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:YWyEZA9dn+UAnIwQN8vXI2pcO+UAnIwnAS1lR7N+UAnI9XpQ:YhZEUP8/tSU+11b7wU1Q
                                                                                                                                                                                                        MD5:35FE2F1A56B7B3081D359CE71381BDAA
                                                                                                                                                                                                        SHA1:7658D5648C43078D59BD6B870FCF849E774E1EDF
                                                                                                                                                                                                        SHA-256:D28BABDD20E0EB8604F7470BB34B6E7BA173DBF0CFDEE4FEA888E4E3F20D2AAB
                                                                                                                                                                                                        SHA-512:6E7732DC0EC151AC46BA34B1B43168ED341B8DFC5BA8FE054D84034CF60648100FA1BC22E2A026139194CE439E1531B351D428601F7F1F6B3E41202EF76A1F9B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"sts":[{"expiry":1724085567.151885,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533567.15189},{"expiry":1740069567.261448,"host":"kYxWDeIDVgesBS02XkmPRTIpB0nkimBvKZESXctn8eA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1708533567.261452},{"expiry":1740069564.437228,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1708533564.437233}],"version":2}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\fc3e2f90-315f-4144-bac6-17406f3fb343.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):0.8307038620100359
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:TLSOUOq0afDdWec9sJlAz7Nm2z8ZI7J5fc:T+OUzDbg3eAzA2ztc
                                                                                                                                                                                                        MD5:B18967139991D9CA13DF7E493540A358
                                                                                                                                                                                                        SHA1:97411C14A8503C11248BE7404C9A79BA5146D40C
                                                                                                                                                                                                        SHA-256:CCC36F21951B4CB357C57DA0CCA1FFF3B4C7027230C10FD8BCB72C0AFF66141F
                                                                                                                                                                                                        SHA-512:473AE1B215B181785EA65F87E34155D5976C7AD1FA487B025E1C8711BFD127E99066990105CDA8D6F4804459118361217455AB1644803D22E6ECB164EEEFD630
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9759
                                                                                                                                                                                                        Entropy (8bit):5.123093042687094
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:st2kdrsVZyaNPmkS3W81bV+FBrQA8QPbYJ:st2ssVZtJmbGFQJ
                                                                                                                                                                                                        MD5:F1284A8720CEBE067EE0273715F4CFFF
                                                                                                                                                                                                        SHA1:9F68FDBB905F8FC841BA6852CCA26C0A0F2023C3
                                                                                                                                                                                                        SHA-256:8F771F2CF90DD144ACA7D5F1568D89B229C3FD02A8490F2E016F4D2BD3FB6A7F
                                                                                                                                                                                                        SHA-512:424570B227B2BC5D7E9A13FB21C6B0BC74880867E441FBB7A0578A4BE62F3FC6E0550ECC9E0CA3BC843F21F6E8BE3E3C532B3FC21AE41522FA7D6CD389520FE9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13353007117195017","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2986d.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9759
                                                                                                                                                                                                        Entropy (8bit):5.123093042687094
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:st2kdrsVZyaNPmkS3W81bV+FBrQA8QPbYJ:st2ssVZtJmbGFQJ
                                                                                                                                                                                                        MD5:F1284A8720CEBE067EE0273715F4CFFF
                                                                                                                                                                                                        SHA1:9F68FDBB905F8FC841BA6852CCA26C0A0F2023C3
                                                                                                                                                                                                        SHA-256:8F771F2CF90DD144ACA7D5F1568D89B229C3FD02A8490F2E016F4D2BD3FB6A7F
                                                                                                                                                                                                        SHA-512:424570B227B2BC5D7E9A13FB21C6B0BC74880867E441FBB7A0578A4BE62F3FC6E0550ECC9E0CA3BC843F21F6E8BE3E3C532B3FC21AE41522FA7D6CD389520FE9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13353007117195017","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2d42e.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9759
                                                                                                                                                                                                        Entropy (8bit):5.123093042687094
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:st2kdrsVZyaNPmkS3W81bV+FBrQA8QPbYJ:st2ssVZtJmbGFQJ
                                                                                                                                                                                                        MD5:F1284A8720CEBE067EE0273715F4CFFF
                                                                                                                                                                                                        SHA1:9F68FDBB905F8FC841BA6852CCA26C0A0F2023C3
                                                                                                                                                                                                        SHA-256:8F771F2CF90DD144ACA7D5F1568D89B229C3FD02A8490F2E016F4D2BD3FB6A7F
                                                                                                                                                                                                        SHA-512:424570B227B2BC5D7E9A13FB21C6B0BC74880867E441FBB7A0578A4BE62F3FC6E0550ECC9E0CA3BC843F21F6E8BE3E3C532B3FC21AE41522FA7D6CD389520FE9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13353007117195017","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF30f43.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9759
                                                                                                                                                                                                        Entropy (8bit):5.123093042687094
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:st2kdrsVZyaNPmkS3W81bV+FBrQA8QPbYJ:st2ssVZtJmbGFQJ
                                                                                                                                                                                                        MD5:F1284A8720CEBE067EE0273715F4CFFF
                                                                                                                                                                                                        SHA1:9F68FDBB905F8FC841BA6852CCA26C0A0F2023C3
                                                                                                                                                                                                        SHA-256:8F771F2CF90DD144ACA7D5F1568D89B229C3FD02A8490F2E016F4D2BD3FB6A7F
                                                                                                                                                                                                        SHA-512:424570B227B2BC5D7E9A13FB21C6B0BC74880867E441FBB7A0578A4BE62F3FC6E0550ECC9E0CA3BC843F21F6E8BE3E3C532B3FC21AE41522FA7D6CD389520FE9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13353007117195017","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF356fb.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9759
                                                                                                                                                                                                        Entropy (8bit):5.123093042687094
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:st2kdrsVZyaNPmkS3W81bV+FBrQA8QPbYJ:st2ssVZtJmbGFQJ
                                                                                                                                                                                                        MD5:F1284A8720CEBE067EE0273715F4CFFF
                                                                                                                                                                                                        SHA1:9F68FDBB905F8FC841BA6852CCA26C0A0F2023C3
                                                                                                                                                                                                        SHA-256:8F771F2CF90DD144ACA7D5F1568D89B229C3FD02A8490F2E016F4D2BD3FB6A7F
                                                                                                                                                                                                        SHA-512:424570B227B2BC5D7E9A13FB21C6B0BC74880867E441FBB7A0578A4BE62F3FC6E0550ECC9E0CA3BC843F21F6E8BE3E3C532B3FC21AE41522FA7D6CD389520FE9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13353007117195017","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3ffae.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9759
                                                                                                                                                                                                        Entropy (8bit):5.123093042687094
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:st2kdrsVZyaNPmkS3W81bV+FBrQA8QPbYJ:st2ssVZtJmbGFQJ
                                                                                                                                                                                                        MD5:F1284A8720CEBE067EE0273715F4CFFF
                                                                                                                                                                                                        SHA1:9F68FDBB905F8FC841BA6852CCA26C0A0F2023C3
                                                                                                                                                                                                        SHA-256:8F771F2CF90DD144ACA7D5F1568D89B229C3FD02A8490F2E016F4D2BD3FB6A7F
                                                                                                                                                                                                        SHA-512:424570B227B2BC5D7E9A13FB21C6B0BC74880867E441FBB7A0578A4BE62F3FC6E0550ECC9E0CA3BC843F21F6E8BE3E3C532B3FC21AE41522FA7D6CD389520FE9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13353007117195017","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF447f2.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9759
                                                                                                                                                                                                        Entropy (8bit):5.123093042687094
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:st2kdrsVZyaNPmkS3W81bV+FBrQA8QPbYJ:st2ssVZtJmbGFQJ
                                                                                                                                                                                                        MD5:F1284A8720CEBE067EE0273715F4CFFF
                                                                                                                                                                                                        SHA1:9F68FDBB905F8FC841BA6852CCA26C0A0F2023C3
                                                                                                                                                                                                        SHA-256:8F771F2CF90DD144ACA7D5F1568D89B229C3FD02A8490F2E016F4D2BD3FB6A7F
                                                                                                                                                                                                        SHA-512:424570B227B2BC5D7E9A13FB21C6B0BC74880867E441FBB7A0578A4BE62F3FC6E0550ECC9E0CA3BC843F21F6E8BE3E3C532B3FC21AE41522FA7D6CD389520FE9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13353007117195017","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF55c7f.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9759
                                                                                                                                                                                                        Entropy (8bit):5.123093042687094
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:st2kdrsVZyaNPmkS3W81bV+FBrQA8QPbYJ:st2ssVZtJmbGFQJ
                                                                                                                                                                                                        MD5:F1284A8720CEBE067EE0273715F4CFFF
                                                                                                                                                                                                        SHA1:9F68FDBB905F8FC841BA6852CCA26C0A0F2023C3
                                                                                                                                                                                                        SHA-256:8F771F2CF90DD144ACA7D5F1568D89B229C3FD02A8490F2E016F4D2BD3FB6A7F
                                                                                                                                                                                                        SHA-512:424570B227B2BC5D7E9A13FB21C6B0BC74880867E441FBB7A0578A4BE62F3FC6E0550ECC9E0CA3BC843F21F6E8BE3E3C532B3FC21AE41522FA7D6CD389520FE9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13353007117195017","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\000001.dbtmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:MANIFEST-000001.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\000003.log

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):83709
                                                                                                                                                                                                        Entropy (8bit):5.668978846481909
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:9L0/Ry7vm2lhq4ljc+PjfOzBc+RMDVogUlcPCcBjqmny8dLA8j7baD7:9L6yLm2fq4pc+rCSogU2CcBjq3YAg7mn
                                                                                                                                                                                                        MD5:CEAD056E0E483F3CB19B11483B6C79C0
                                                                                                                                                                                                        SHA1:D12AC2E76540F426C2D2567D4445648C7239892D
                                                                                                                                                                                                        SHA-256:FAE72AB059350C736DC60FEE38B63FADF6CAFAA6051674556929853407CC090E
                                                                                                                                                                                                        SHA-512:547F93FB09EFC597A7E4460BC86DCB58574F009A29F51B73AE5659CC3C9D31AC24C8861CC807A996B9EE72B7F40B1A587F159A0D1416956409F52DED1D628A87
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...m.................DB_VERSION.1...[................(QUERY_TIMESTAMP:product_category_en1.*.*.13353007158113316..QUERY:product_category_en1.*.*..[{"name":"product_category_en","url":"https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?sv=2017-07-29&sr=c&sig=%2Fwp1fD0xo8ywYyo5yFzHEjCMobUSk%2BZ4nmFYB%2FqjsBg%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-05-01T00%3A00%3A00Z&sp=r&assetgroup=ProductCategories","version":{"major":1,"minor":0,"patch":0},"hash":"r2jWYy3aqoi3+S+aPyOSfXOCPeLSy5AmAjNHvYRv9Hg=","size":82989}].....}..............!ASSET_VERSION:product_category_en.1.0.0..ASSET:product_category_en...."..3....Car & Garage..Belts & Hoses.#..+....Sports & Outdoors..Air Pumps.!.."....Car & Garage..Body Styling.4..5./..Gourmet Food & Chocolate..Spices & Seasonings.'..,."..Sports & Outdoors..Sleeping Gear.!..6....Lawn & Garden..Hydroponics.9.a.5..Books & Magazines. Gay & Lesbian Interest Magazines....+....Office Products..Pins.,..3.'..Kitchen & Housewares..Coffee Grinde

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\CURRENT (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:MANIFEST-000001.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):315
                                                                                                                                                                                                        Entropy (8bit):5.2027909104661445
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rR/EGj1cNwi23oH+TcwtgctZQInvB2KLltRfkdQ+q2PcNwi23oH+TcwtgctZQInp:ruGZZYebgGZznvFLDNMvLZYebgGZznQg
                                                                                                                                                                                                        MD5:089D6C63588F6A3061EF2C34C09E1351
                                                                                                                                                                                                        SHA1:B80DEE38162F286D14FAFE7747F9525386D16484
                                                                                                                                                                                                        SHA-256:A01EEE9A5A6EEEF033EA465BA143B9CC0952CF35F9D9D4F4E448ADCB40E1740D
                                                                                                                                                                                                        SHA-512:F11EEF309728C74ECA5DEB9D88EFE2A6513C236C7D2CAE2EF7C5A7FE7F5CDF6096F856D08BFADAF4D6F8F0147A94EEFDF1E370014FCC263A205BF3666DF8AD71
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:39:04.809 4f98 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db since it was missing..2024/02/21-17:39:13.971 4f98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db/MANIFEST-000001.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\MANIFEST-000001

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):24691
                                                                                                                                                                                                        Entropy (8bit):5.568544907398634
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:23qk0XWPnmfil8F1+UoAYDCx9Tuqh0VfUC9xbog/OVEJBMErwSp8tu4:23qk0XWPnmfilu1jaVjMdRtL
                                                                                                                                                                                                        MD5:32732544E4956920E55E9E8A5CBFA23A
                                                                                                                                                                                                        SHA1:57EA0D9C580FB6B0B2318865F96349368D369D59
                                                                                                                                                                                                        SHA-256:45BC935798DBD8257F608D891089DB516E2D153284CFD812A068D54254E00242
                                                                                                                                                                                                        SHA-512:37921532D72C8017EFD4A905DB8E574274DACF89A87B70AA63207DBB75F309F6BE3E2BD333D1DA2E1AFA133300A5CDCDB50095C96179362B0A37993AEF7ADFAB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13353007116088641","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13353007116088641","location":5,"ma

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF2ae95.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):24691
                                                                                                                                                                                                        Entropy (8bit):5.568544907398634
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:23qk0XWPnmfil8F1+UoAYDCx9Tuqh0VfUC9xbog/OVEJBMErwSp8tu4:23qk0XWPnmfilu1jaVjMdRtL
                                                                                                                                                                                                        MD5:32732544E4956920E55E9E8A5CBFA23A
                                                                                                                                                                                                        SHA1:57EA0D9C580FB6B0B2318865F96349368D369D59
                                                                                                                                                                                                        SHA-256:45BC935798DBD8257F608D891089DB516E2D153284CFD812A068D54254E00242
                                                                                                                                                                                                        SHA-512:37921532D72C8017EFD4A905DB8E574274DACF89A87B70AA63207DBB75F309F6BE3E2BD333D1DA2E1AFA133300A5CDCDB50095C96179362B0A37993AEF7ADFAB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13353007116088641","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13353007116088641","location":5,"ma

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF2e9d9.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):24691
                                                                                                                                                                                                        Entropy (8bit):5.568544907398634
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:23qk0XWPnmfil8F1+UoAYDCx9Tuqh0VfUC9xbog/OVEJBMErwSp8tu4:23qk0XWPnmfilu1jaVjMdRtL
                                                                                                                                                                                                        MD5:32732544E4956920E55E9E8A5CBFA23A
                                                                                                                                                                                                        SHA1:57EA0D9C580FB6B0B2318865F96349368D369D59
                                                                                                                                                                                                        SHA-256:45BC935798DBD8257F608D891089DB516E2D153284CFD812A068D54254E00242
                                                                                                                                                                                                        SHA-512:37921532D72C8017EFD4A905DB8E574274DACF89A87B70AA63207DBB75F309F6BE3E2BD333D1DA2E1AFA133300A5CDCDB50095C96179362B0A37993AEF7ADFAB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13353007116088641","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13353007116088641","location":5,"ma

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF55a3d.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):24691
                                                                                                                                                                                                        Entropy (8bit):5.568544907398634
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:23qk0XWPnmfil8F1+UoAYDCx9Tuqh0VfUC9xbog/OVEJBMErwSp8tu4:23qk0XWPnmfilu1jaVjMdRtL
                                                                                                                                                                                                        MD5:32732544E4956920E55E9E8A5CBFA23A
                                                                                                                                                                                                        SHA1:57EA0D9C580FB6B0B2318865F96349368D369D59
                                                                                                                                                                                                        SHA-256:45BC935798DBD8257F608D891089DB516E2D153284CFD812A068D54254E00242
                                                                                                                                                                                                        SHA-512:37921532D72C8017EFD4A905DB8E574274DACF89A87B70AA63207DBB75F309F6BE3E2BD333D1DA2E1AFA133300A5CDCDB50095C96179362B0A37993AEF7ADFAB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13353007116088641","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13353007116088641","location":5,"ma

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF5ac93.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):24691
                                                                                                                                                                                                        Entropy (8bit):5.568544907398634
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:23qk0XWPnmfil8F1+UoAYDCx9Tuqh0VfUC9xbog/OVEJBMErwSp8tu4:23qk0XWPnmfilu1jaVjMdRtL
                                                                                                                                                                                                        MD5:32732544E4956920E55E9E8A5CBFA23A
                                                                                                                                                                                                        SHA1:57EA0D9C580FB6B0B2318865F96349368D369D59
                                                                                                                                                                                                        SHA-256:45BC935798DBD8257F608D891089DB516E2D153284CFD812A068D54254E00242
                                                                                                                                                                                                        SHA-512:37921532D72C8017EFD4A905DB8E574274DACF89A87B70AA63207DBB75F309F6BE3E2BD333D1DA2E1AFA133300A5CDCDB50095C96179362B0A37993AEF7ADFAB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13353007116088641","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13353007116088641","location":5,"ma

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:MANIFEST-000001.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2232
                                                                                                                                                                                                        Entropy (8bit):6.436756390789352
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:F2emKdum3VN6X0sl2Rjp5KiSKecd6D5vh13JEdNBlIVN6X0sl2Rjp5Kis7ecse3g:F1mKkm3VN6X/+95KVu6DNn5EdNBlIVNV
                                                                                                                                                                                                        MD5:C8E2BFB133E06C5BE129EE00947BB232
                                                                                                                                                                                                        SHA1:E7DBF7AC381E00638C3561EE36BD7B7A439A6EBF
                                                                                                                                                                                                        SHA-256:34C7ADBF459488400D5BEF15C32F856D0C902F72F6C76ED3162D7C7803DBD57B
                                                                                                                                                                                                        SHA-512:2E416D306FE66F23719FA82D6CD91A043ED5CF87C82110C492032AE5F734B69E3A75974E3A449697DA84396E7919E2D7BCC7CF8BA044C942253A171E9951B718
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2"..x2................URES:1...INITDATA_NEXT_RESOURCE_ID.2$....................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1./INITDATA_UNIQUE_ORIGIN:https://www.youtube.com/...REG:https://www.youtube.com/.0......https://www.youtube.com/..https://www.youtube.com/sw.js .(.0.8......@...Z...... WebViewXRequestedWithDeprecation...AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9b.....trueh..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h."p.x................................REGID_TO_ORIGIN:0.https://www.youtube.com/..RES:0.1.....vhttps://www.youtube.com/s/desktop/87423d78/jsbin/serviceworker-kevlar-appshell.vflset/serviceworker-kevlar-appshell.js...."@27D9ED2AAD0901B3BCCCB194ADD5BFF90048EB

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:MANIFEST-000001.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):305
                                                                                                                                                                                                        Entropy (8bit):5.188442838219493
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRFFfR1cNwi23oH+TcwtE/a252KLltRfM+q2PcNwi23oH+TcwtE/a2ZIFUv:rnF3ZYeb8xLDxM+vLZYeb8J2FUv
                                                                                                                                                                                                        MD5:7B1D7A3CA0D466AA829155BBFDC59060
                                                                                                                                                                                                        SHA1:75B95E54739FA0603BF0A0EA1565E64C65335B45
                                                                                                                                                                                                        SHA-256:E7CCA169691F689165349F8CEA7B13F77AF2F14A77EB44D0B32DDE576476DAD1
                                                                                                                                                                                                        SHA-512:16F5F67BBFE4C09CDE266E79E2D4BCD96180FC3E442720BFC9883F04636CC864661B959646060437D550BA3529AD6A8E3148D98988FA2EDD5708523B7DDEC586
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:39:26.516 23fc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/02/21-17:39:26.575 23fc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16094
                                                                                                                                                                                                        Entropy (8bit):6.314054676963392
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:sGUcHOqEcbuCp3bkQspksx1AJdJun2MS2HX/vk5bSxSGtOHu+JEYk:sGNH+AILpksmMRX/I8tBgk
                                                                                                                                                                                                        MD5:32926D89746B823AD47C37939DFCE06D
                                                                                                                                                                                                        SHA1:61036CD4B415EE8396187CA3C74237DD0EEA354C
                                                                                                                                                                                                        SHA-256:053E2D4C7C067F00506EA30D4770F65E73A68E62B4187D586CABBC94DC0D1FC7
                                                                                                                                                                                                        SHA-512:C505EAE6A282648D08E71751D74B7A9E2007C4CDFD7A81B5E958CE0F2D0D9E0075282DA7D690A57ACAAC8ADE1624C5F388BD73244923975071101CFF323D26A6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:0\r..m..........rSG.....0/** 1503236522000871964 */self.document = self; self.window = self;var ytcfg={d:function(){return window.yt&&yt.config_||ytcfg.data_||(ytcfg.data_={})},get:function(k,o){return k in ytcfg.d()?ytcfg.d()[k]:o},set:function(){var a=arguments;if(a.length>1)ytcfg.d()[a[0]]=a[1];else{var k;for(k in a[0])ytcfg.d()[k]=a[0][k]}}};.ytcfg.set({"EXPERIMENT_FLAGS":{"H5_enable_full_pacf_logging":true,"H5_use_async_logging":true,"ab_det_apb_b":true,"ab_det_el_h":true,"ab_det_fet_wr":true,"ab_det_fet_wr_en":true,"ab_det_gen_re":true,"action_companion_center_align_description":true,"allow_skip_networkless":true,"clear_user_partitioned_ls":true,"compress_gel":true,"csi_config_handling_infra":true,"deprecate_csi_has_info":true,"disable_child_node_auto_formatted_strings":true,"disable_pacf_logging_for_memory_limited_tv":true,"disable_simple_mixed_direction_formatted_strings":true,"disable_thumbnail_preloading":true,"embeds_transport_use_scheduler":true,"enable_ab_report_on_errorsc

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10481
                                                                                                                                                                                                        Entropy (8bit):5.81492210213594
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:8zNjX3n8Z1ya4mt7bJDV2oiSK0EqGoXbt+wLmUY1CqZh5dSIShSTm6M3j:Ur3nKyalt7+0EqGoXbwwq1TZh5dbST6a
                                                                                                                                                                                                        MD5:A0BE20341E8EC7DCDA112AEA10AC5562
                                                                                                                                                                                                        SHA1:F7524E442B56DDAC498F04547B3429569F724C75
                                                                                                                                                                                                        SHA-256:40B9EB14BE0C69BD662DA5A0B63A0107B483ED55AB020425CCE4D687309BEBC7
                                                                                                                                                                                                        SHA-512:5E40A65BED46B88511F1957BB281D4E8F8A9C7CDBBB51885CE6A3592DFCC0F15583108D74F432EE655FE2ADAB327C18C9DF808C0382AC84D8DF7C50A9E3DAFB5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:0\r..m..........rSG.....0....z3.................;M....x..(.......,T....`.....hL`0.....L`......Rc.7.X....ytcfg.....Rc~.1.....policy...............$..a............C...C...C.,T.L.`V.....L`..........Rb".z.....yt....Rc^.t.....config_.....Rc........data_......Dm............!...-.....!...-.....!...-.....!...~.2........$Sb................`....Da............d..........`...P......H......,Q.(........https://www.youtube.com/sw.js...a........Db............D`.......A.`............,T.L..`T.....L`..........Dm............!...-....]...r....!...-....]....../..........$Sb...............`....DaH..........c..........@......<e..........................,T...`......L`................D~X..............-......n... !...-....]...../...../..4....A./...;v............-........!...-....]...../...../..4.....,.......$Sb...............`....Da......... ..f.........D......`.... ...\...e..........................,T.$.`......L`......R..JM./v...https://www.youtube.com/s/desktop/87423d78/jsbin/serviceworker-kevlar-appshell.v

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):164940
                                                                                                                                                                                                        Entropy (8bit):5.629970632465755
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:QvX5Lw5UlDJVZHL08oy6CiEETgDAGXoY7xZSrnCvnxtsmEtn4DtATIcT3PY0Ar:QvX5LKUlDJVZHL08oyRiJsD7oYb/sHna
                                                                                                                                                                                                        MD5:6D52F27BA78E682D7CEF9FC0922A2FF5
                                                                                                                                                                                                        SHA1:9E3B5940D9E25059355903A116D9410525C32AC6
                                                                                                                                                                                                        SHA-256:43107008702C28FBACEBB31898634E0AD3239CAED896CA53CDB4D01AC7400993
                                                                                                                                                                                                        SHA-512:55BEC358A781CEB3F46D7B2A8083CEF70C8256FAC179FB34FDFE438F54D92253C894D6F11DE72CA6BA40B04B04A9A3F45A0815B797AF85A56C11F46DD6EF256A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:0\r..m..........V.......1'use strict';var aa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}.var ca=ba(this);function da(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&aa(c,a,{configurable:!0,writable:!0,value:b})}}.function ea(a){function b(d){return a.next(d)}.function c(d){return a.throw(d)}.return new Promise(function(d,e){function f(g){g.done?d(g.value):Promise.resolve(g.value).then(b,c).then(f,e)}.f(a.next())})}.function r(a){return ea(a())}.function fa(a,b){a instanceof String&&(a+="");var c=0,d=!1,e={next:funct

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):398769
                                                                                                                                                                                                        Entropy (8bit):6.108491883888364
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:S1vI8sUkKGxNLCbG6Uv4lthwhdCHFnr9wKKmkwL:SNI8sUkfz6UvT8lnrCKRkK
                                                                                                                                                                                                        MD5:860F443BBE0B5A937CD5395FCEFAD1BC
                                                                                                                                                                                                        SHA1:0090ADB473F3FAA0EF8737F8414DE257CA667171
                                                                                                                                                                                                        SHA-256:5823D881D9F34442F2D939742EF5F06DC5A9F3CF24B6CB650C388F8E1D12A08C
                                                                                                                                                                                                        SHA-512:0A2F11651C40C8CF838C0F54E8A61412CCCD69F44EDF603DC362F685DA7F2CB536DDC98C2A9818571920D3C4303699F93EA7F9870B9EC15797B994FA3C0026BA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:0\r..m..........V.......1....z3.................;.....x.X........,T.11..` b.....L`X......L`......RbRW.C....aa...,T...`.....,L`.......}.`......Le...........................................r......(Rh...V....Cannot find global object......D.. ...........z..%...".. ...!..6........6......".. ...!..6......".. ...!..6......".. ...!..6........-...m...#../....-....!..k.........P..&..!......b..!..(Sb.............Rb..j&....ba..`....Dax...n....1.Sb.`...............c.................D..Rb..BE....Km..`.....D..Rb...x....xi..`.....D..Rb..NK....Kj..`......Rb.8......Bi..`.....D..Rb".......fb..`......Rb&.......Uc..`6....D..Rb"HC.....Pg..`r....D..Rb: .X....cl..`......Rb>l......Ob..`.....D..RbFp......db..`.....D..RbV.A.....vi..`.....D..Rb^|h.....Mh..`......Rb^Xu.....Gi..`.....D..Rbn<FI....$d..`H....D..Rb..g[....Ff..`V.....Rb.|......Ii..`......Rb.X{.....Zi..`......Rb........wc..`(.....Rb.`......vj..`.....D..Rb...b....Qc..`2.....Rb.<......lo..`.....D..Rb...4....Il..`......Rb...:....Zl..`......Rb. 0.....e

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):24
                                                                                                                                                                                                        Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:m+l:m
                                                                                                                                                                                                        MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                        SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                        SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                        SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:0\r..m..................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):96
                                                                                                                                                                                                        Entropy (8bit):3.6596178388797105
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:RyKq/6ldljf/tlWL6/tlvlxg:4/it/GLuhg
                                                                                                                                                                                                        MD5:2074BD19A2CFD411F461A7B69C36C59B
                                                                                                                                                                                                        SHA1:312358FA5D116FDE3A11CDFF300ACF1A9DD4B3BE
                                                                                                                                                                                                        SHA-256:FD3AF8AD21FD49AAE899497F0E0DCFF70E0F451CEBAB137F00EBF750F916F21D
                                                                                                                                                                                                        SHA-512:0D01CF53D9C3AE2AF01F1A7CC2B615F45EA8E6BD0BBC242DFE49E345894C37D59325BB38A4B2721E36A65067AF2BB069D456C70F953466E0F701793C6F6818B1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:X...\..Moy retne........................5j.+y..L.................X....,`........h.......x.@}p/.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):96
                                                                                                                                                                                                        Entropy (8bit):3.6596178388797105
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:RyKq/6ldljf/tlWL6/tlvlxg:4/it/GLuhg
                                                                                                                                                                                                        MD5:2074BD19A2CFD411F461A7B69C36C59B
                                                                                                                                                                                                        SHA1:312358FA5D116FDE3A11CDFF300ACF1A9DD4B3BE
                                                                                                                                                                                                        SHA-256:FD3AF8AD21FD49AAE899497F0E0DCFF70E0F451CEBAB137F00EBF750F916F21D
                                                                                                                                                                                                        SHA-512:0D01CF53D9C3AE2AF01F1A7CC2B615F45EA8E6BD0BBC242DFE49E345894C37D59325BB38A4B2721E36A65067AF2BB069D456C70F953466E0F701793C6F6818B1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:X...\..Moy retne........................5j.+y..L.................X....,`........h.......x.@}p/.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF35c3a.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):96
                                                                                                                                                                                                        Entropy (8bit):3.6596178388797105
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:RyKq/6ldljf/tlWL6/tlvlxg:4/it/GLuhg
                                                                                                                                                                                                        MD5:2074BD19A2CFD411F461A7B69C36C59B
                                                                                                                                                                                                        SHA1:312358FA5D116FDE3A11CDFF300ACF1A9DD4B3BE
                                                                                                                                                                                                        SHA-256:FD3AF8AD21FD49AAE899497F0E0DCFF70E0F451CEBAB137F00EBF750F916F21D
                                                                                                                                                                                                        SHA-512:0D01CF53D9C3AE2AF01F1A7CC2B615F45EA8E6BD0BBC242DFE49E345894C37D59325BB38A4B2721E36A65067AF2BB069D456C70F953466E0F701793C6F6818B1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:X...\..Moy retne........................5j.+y..L.................X....,`........h.......x.@}p/.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1705
                                                                                                                                                                                                        Entropy (8bit):4.96208947502422
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:tZZZZLXZJs+qlykmi5zx9GMD3M7q3UUgXRyszaj:NZTq9GjwHzj
                                                                                                                                                                                                        MD5:95A80CE1D7045381D0601F692E31A22E
                                                                                                                                                                                                        SHA1:DF8C2A83C63A6A834FC64EC27A4EBE84F6B42186
                                                                                                                                                                                                        SHA-256:20A610942BC1104114454BA62CD78725624967B93D8568D428C735F1B74CAE4F
                                                                                                                                                                                                        SHA-512:9725A9EF406D69F9AA31DEDAB5C891E8342A2AAA02BE26DE2B4FA0116C33E6B621627F8DB9F2F3BF01946928FFE7E7AC51418FB71781D5844D5F78DC0EB55481
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............7..ag................next-map-id.1.Hnamespace-4f9b6276_6cee_4929_b1fe_85a45b89eea3-https://www.facebook.com/.0...aC................map-0-TabId.r.l.n.y.0.v...map-0-__test__1708533521723. .................. .................. .................. .....................g................next-map-id.2.Hnamespace-1698123e_05bb_46fc_855b_00ba47452252-https://www.facebook.com/.1..r.f................next-map-id.3.Gnamespace-acb285d6_863c_4b90_87fd_3a33fb61ec7c-https://www.youtube.com/.2.L..j................next-map-id.4.Knamespace-c8c41879_9d71_4834_897a_9c29b2d9d69f-https://accounts.google.com/.3.r..j................next-map-id.5.Knamespace-acb285d6_863c_4b90_87fd_3a33fb61ec7c-https://accounts.google.com/.4...k................next-map-id.6.Lnamespace-c8c41879_9d71_4834_897a_9c29b2d9d69f-https://accounts.youtube.com/.5...)C................map-1-TabId.p.a.7.u.c.f

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):330
                                                                                                                                                                                                        Entropy (8bit):5.133300888085459
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWuE1WM+q2PcNwi23oH+TcwtrQMxIFUt8KRAW6EEj1Zmw+KRAWbC1WMVkwOcN+:rKWuE9+vLZYebCFUt8KKW8j1/+KKWG92
                                                                                                                                                                                                        MD5:3B0106AC92692EEBC297C0E7AB58DAB3
                                                                                                                                                                                                        SHA1:B697A0395FF0A832B87AB2811FD4F2555540E178
                                                                                                                                                                                                        SHA-256:001A743026023099CAE9E21347F0B3473308329CED5629A8ED5A6C13E4FE1E64
                                                                                                                                                                                                        SHA-512:6ACBAFED4340688CED6099EB07C36A55BE19A196A1B99D4A969DD8A0792729A5BB981E0B7D211BAEADE4F93C02A0D6A2A822A2E6527F165D0EEB858463B5EDA7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:37.314 27ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/02/21-17:38:37.333 27ac Recovering log #3.2024/02/21-17:38:37.344 27ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):330
                                                                                                                                                                                                        Entropy (8bit):5.133300888085459
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWuE1WM+q2PcNwi23oH+TcwtrQMxIFUt8KRAW6EEj1Zmw+KRAWbC1WMVkwOcN+:rKWuE9+vLZYebCFUt8KKW8j1/+KKWG92
                                                                                                                                                                                                        MD5:3B0106AC92692EEBC297C0E7AB58DAB3
                                                                                                                                                                                                        SHA1:B697A0395FF0A832B87AB2811FD4F2555540E178
                                                                                                                                                                                                        SHA-256:001A743026023099CAE9E21347F0B3473308329CED5629A8ED5A6C13E4FE1E64
                                                                                                                                                                                                        SHA-512:6ACBAFED4340688CED6099EB07C36A55BE19A196A1B99D4A969DD8A0792729A5BB981E0B7D211BAEADE4F93C02A0D6A2A822A2E6527F165D0EEB858463B5EDA7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:37.314 27ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/02/21-17:38:37.333 27ac Recovering log #3.2024/02/21-17:38:37.344 27ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13353007118577830

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):38035
                                                                                                                                                                                                        Entropy (8bit):3.7085503862882976
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:nF6NDxq3XWHOxFKvxFGIIhxFHDImxxFHnxFsRpbaxFHBueiI+2Igsk:Fkfwues8
                                                                                                                                                                                                        MD5:A89486AAB2ED45754D21FB2AA55058FB
                                                                                                                                                                                                        SHA1:94222C4F21875D4C8FE12768B589D461079400E1
                                                                                                                                                                                                        SHA-256:9639B3E8C8001A3A88AED9DF295E02EBD9C41A5C369547E453F59174B6AC62B8
                                                                                                                                                                                                        SHA-512:EAFAE6231DC56F93EF524DF1370FA8FDC4A4D4AEAF653ABB6C6406859E199721013DE38A8AA5C300294DC0F711D0E019276CDA3A054930F99B4D77084CF5CF1E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SNSS........f.+............f.+......".f.+............f.+........f.+........f.+........f.+....!...f.+................................f.+.f.+1..,....f.+$...4f9b6276_6cee_4929_b1fe_85a45b89eea3....f.+........f.+................f.+....f.+........................f.+....................5..0....f.+&...{4B3AC14B-43E5-4896-86E8-9E7D502CE1B5}......f.+........f.+...........................f.+....!.......f.+........https://www.facebook.com/video......t...p...!...h.....................................................................................................x.......x.............(............... .......x...............................................D.......h.t.t.p.s.:././.w.w.w...f.a.c.e.b.o.o.k...c.o.m./.v.i.d.e.o.....................................8.......0.......8....................................................................... .......................................................P...$...7.8.6.a.5.e.0.b.-.3.2.4.7.-.4.3.f.a.-.9.c.2.2.-.7.9.c.c.5.1.2.6.9.d.1.f.................P...$

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                        MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                        SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                        SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                        SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):355
                                                                                                                                                                                                        Entropy (8bit):5.197746756718586
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWTyr+q2PcNwi23oH+Tcwt7Uh2ghZIFUt8KRAWTchXZmw+KRAWT5VkwOcNwi20:rKWThvLZYebIhHh2FUt8KKWTchX/+KKi
                                                                                                                                                                                                        MD5:CC820F5EB31BB1DD6DACB46426976DED
                                                                                                                                                                                                        SHA1:6A2E78543FA63B070E52E9E517B145EAD238F129
                                                                                                                                                                                                        SHA-256:A8F1865B2804A3EACAAACB7D9CB22329BCF201B0DCD24DF2EBB1B716DCF2F7E9
                                                                                                                                                                                                        SHA-512:DC353AEFFA025C9723BDB27184A2693A407E14CD4E998E12648A578D7FB3948B36458EE66B849FA18E7FD38DC18A3469E7F6694C85E3DA9917BD3FE51000DA3C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:36.120 bd8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/02/21-17:38:36.135 bd8 Recovering log #3.2024/02/21-17:38:36.143 bd8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):355
                                                                                                                                                                                                        Entropy (8bit):5.197746756718586
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWTyr+q2PcNwi23oH+Tcwt7Uh2ghZIFUt8KRAWTchXZmw+KRAWT5VkwOcNwi20:rKWThvLZYebIhHh2FUt8KKWTchX/+KKi
                                                                                                                                                                                                        MD5:CC820F5EB31BB1DD6DACB46426976DED
                                                                                                                                                                                                        SHA1:6A2E78543FA63B070E52E9E517B145EAD238F129
                                                                                                                                                                                                        SHA-256:A8F1865B2804A3EACAAACB7D9CB22329BCF201B0DCD24DF2EBB1B716DCF2F7E9
                                                                                                                                                                                                        SHA-512:DC353AEFFA025C9723BDB27184A2693A407E14CD4E998E12648A578D7FB3948B36458EE66B849FA18E7FD38DC18A3469E7F6694C85E3DA9917BD3FE51000DA3C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:36.120 bd8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/02/21-17:38:36.135 bd8 Recovering log #3.2024/02/21-17:38:36.143 bd8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                        Entropy (8bit):0.0018164538716206493
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2zEZldob4K:/M/xT02zY
                                                                                                                                                                                                        MD5:923A6407F533FE8D2DF80EE6DF03D775
                                                                                                                                                                                                        SHA1:33F204FC02DBD61A1BEA7EA0C87FCFCA5282E639
                                                                                                                                                                                                        SHA-256:E7DA765122BD55C006524B6186F87DE154D78F8A88FFC7C2E206CCC295D7E504
                                                                                                                                                                                                        SHA-512:ABF9086A71DE8842ABD4A75577BF2DD1D32712FC8918986BC825D0748E647CEB7D66C43A6A5A5DDF8794FA210B52C3AF9911110330B9C6D0644932FBF0C1C01C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                        Entropy (8bit):0.0018094250832613847
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2zEkl++l:/M/xT02zn+a
                                                                                                                                                                                                        MD5:93E936A029448203B3E04277BD3413E6
                                                                                                                                                                                                        SHA1:562042066E0DF32E40CBD71735A789D4EAA4781E
                                                                                                                                                                                                        SHA-256:7C034FF9B542EE1E5B1CFF7CFCF25B168A1BCD18A34B1F93DDDDE051E890C3FF
                                                                                                                                                                                                        SHA-512:9440C33B349B7376935A3218C161AC7EBAA07A2E9B88FFC4CADEC877501AE87AAC4D22393F653E3DD2BEFCA38A0D0E72B04CFF815323CAC521FAB07607D54027
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                        Entropy (8bit):0.0018094250832613847
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2zEkl4:/M/xT02zn
                                                                                                                                                                                                        MD5:4EC66D91A4A71490CFD1F81591FADE19
                                                                                                                                                                                                        SHA1:4AB8309A9007096CBBE32DEB9C63BEE415BD6B25
                                                                                                                                                                                                        SHA-256:B026F1EA9DA20D13C1E20316AFB6B545AA46974CFED37D149265720F3550F3E6
                                                                                                                                                                                                        SHA-512:BE9B31B3A47B5B52E1D766B78051C151E0CED895FDB05EF84A0057499BF5B5C01E80FC08D479E0B2BC23817CCA8F220F7E133CDD8290C34434A2D7FA119144DE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):440
                                                                                                                                                                                                        Entropy (8bit):5.249926474989328
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:rKWj9+vLZYebvqBQFUt8KKWyUj1/+KKWm9V54ZYebvqBvJ:OWulYebvZg87Wr4WCoYebvk
                                                                                                                                                                                                        MD5:E183F51CBDCDACD593B99691CE1B4621
                                                                                                                                                                                                        SHA1:5D278BE89CDF14BCE21660B767903005D1276978
                                                                                                                                                                                                        SHA-256:8A90789DEF0E8C198C34DC1910F850A86BADDA15BE1AB9ABC2C4DFCBAF9055EE
                                                                                                                                                                                                        SHA-512:CD9186DEC05BBD516900916378C07E5DAB2890C8C8778455F87A14176A48AEAA062EC86A1452B1F7331585CA48323D5C7992511B50BC6DE565385359B8C1FE6B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:37.501 27ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/02/21-17:38:37.556 27ac Recovering log #3.2024/02/21-17:38:37.568 27ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):440
                                                                                                                                                                                                        Entropy (8bit):5.249926474989328
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:rKWj9+vLZYebvqBQFUt8KKWyUj1/+KKWm9V54ZYebvqBvJ:OWulYebvZg87Wr4WCoYebvk
                                                                                                                                                                                                        MD5:E183F51CBDCDACD593B99691CE1B4621
                                                                                                                                                                                                        SHA1:5D278BE89CDF14BCE21660B767903005D1276978
                                                                                                                                                                                                        SHA-256:8A90789DEF0E8C198C34DC1910F850A86BADDA15BE1AB9ABC2C4DFCBAF9055EE
                                                                                                                                                                                                        SHA-512:CD9186DEC05BBD516900916378C07E5DAB2890C8C8778455F87A14176A48AEAA062EC86A1452B1F7331585CA48323D5C7992511B50BC6DE565385359B8C1FE6B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:37.501 27ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/02/21-17:38:37.556 27ac Recovering log #3.2024/02/21-17:38:37.568 27ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\3917cf50-2a58-4c1d-96f0-ef889779e001.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\53f03ac2-dc69-4306-8a1c-bad9ff3496cb.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):111
                                                                                                                                                                                                        Entropy (8bit):4.718418993774295
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                        MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                        SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                        SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                        SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State~RF4b254.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):111
                                                                                                                                                                                                        Entropy (8bit):4.718418993774295
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                        MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                        SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                        SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                        SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF5676c.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[]

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):36864
                                                                                                                                                                                                        Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                        MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                        SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                        SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                        SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\bc0df03a-aca7-4652-b6d8-3b24cf756556.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):111
                                                                                                                                                                                                        Entropy (8bit):4.718418993774295
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                        MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                        SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                        SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                        SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\d214b689-a413-4af4-a006-0e0edb12f00e.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):111
                                                                                                                                                                                                        Entropy (8bit):4.718418993774295
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                                                                        MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                                                                        SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                                                                        SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                                                                        SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\d4af3c90-1291-4e70-a6da-1b844d54af85.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):80
                                                                                                                                                                                                        Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                        MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                        SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                        SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                        SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:*...#................version.1..namespace-..&f.................&f...............

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):428
                                                                                                                                                                                                        Entropy (8bit):5.223039885888555
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:rCN9+vLZYebvqBZFUt8Kbj1/+KXN9V54ZYebvqBaJ:OMlYebvyg8wZoYebvL
                                                                                                                                                                                                        MD5:137D7B626AA977BC66737D506D9FA672
                                                                                                                                                                                                        SHA1:22D8DDE5E1283611EC919F3EBACB6840D4DC6898
                                                                                                                                                                                                        SHA-256:21F0F55E1774E4FE9889A04EDCB609CDA5A4FFCD8F3802193A4E2DD66FFE59E4
                                                                                                                                                                                                        SHA-512:91FD2708D5ADBBF6F42679AD8786913391F2F4D5BE216CFC06A7C649C1432401C82DD7A74FD063DB2FCDF7BD3EA1929E87811AC8E9C3CD3659A7999E1FFDA547
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:39:07.979 27ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/02/21-17:39:07.981 27ac Recovering log #3.2024/02/21-17:39:07.987 27ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):428
                                                                                                                                                                                                        Entropy (8bit):5.223039885888555
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:rCN9+vLZYebvqBZFUt8Kbj1/+KXN9V54ZYebvqBaJ:OMlYebvyg8wZoYebvL
                                                                                                                                                                                                        MD5:137D7B626AA977BC66737D506D9FA672
                                                                                                                                                                                                        SHA1:22D8DDE5E1283611EC919F3EBACB6840D4DC6898
                                                                                                                                                                                                        SHA-256:21F0F55E1774E4FE9889A04EDCB609CDA5A4FFCD8F3802193A4E2DD66FFE59E4
                                                                                                                                                                                                        SHA-512:91FD2708D5ADBBF6F42679AD8786913391F2F4D5BE216CFC06A7C649C1432401C82DD7A74FD063DB2FCDF7BD3EA1929E87811AC8E9C3CD3659A7999E1FFDA547
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:39:07.979 27ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/02/21-17:39:07.981 27ac Recovering log #3.2024/02/21-17:39:07.987 27ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):331
                                                                                                                                                                                                        Entropy (8bit):5.243663838178049
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWTEAgq2PcNwi23oH+TcwtpIFUt8KRAWTyhZmw+KRAWTy7kwOcNwi23oH+Tcwd:rKWTEDvLZYebmFUt8KKWTm/+KKWTa54l
                                                                                                                                                                                                        MD5:B472AC4E9CB31F07AA97C3577EFC3646
                                                                                                                                                                                                        SHA1:E06E996109C857E683CFF2007DFC6763DDCDF7D2
                                                                                                                                                                                                        SHA-256:4622B65817D9DA2D43B51147008ECC1A4E1B08FB6EF643711B6F62D913985BEF
                                                                                                                                                                                                        SHA-512:116DB0BF0353D3D03732051E473C74CEB3A2CAB07771D816A61E9AC62BB986AEF0A4A2210AEE25AD681F63E7F0326D926357D4B001F6E9AA561719DD2ACC2F3A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:36.073 fb0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/02/21-17:38:36.106 fb0 Recovering log #3.2024/02/21-17:38:36.106 fb0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):331
                                                                                                                                                                                                        Entropy (8bit):5.243663838178049
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWTEAgq2PcNwi23oH+TcwtpIFUt8KRAWTyhZmw+KRAWTy7kwOcNwi23oH+Tcwd:rKWTEDvLZYebmFUt8KKWTm/+KKWTa54l
                                                                                                                                                                                                        MD5:B472AC4E9CB31F07AA97C3577EFC3646
                                                                                                                                                                                                        SHA1:E06E996109C857E683CFF2007DFC6763DDCDF7D2
                                                                                                                                                                                                        SHA-256:4622B65817D9DA2D43B51147008ECC1A4E1B08FB6EF643711B6F62D913985BEF
                                                                                                                                                                                                        SHA-512:116DB0BF0353D3D03732051E473C74CEB3A2CAB07771D816A61E9AC62BB986AEF0A4A2210AEE25AD681F63E7F0326D926357D4B001F6E9AA561719DD2ACC2F3A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:36.073 fb0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/02/21-17:38:36.106 fb0 Recovering log #3.2024/02/21-17:38:36.106 fb0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):131072
                                                                                                                                                                                                        Entropy (8bit):0.008913497442909398
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:ImtVVitlPYrt/eUDlXzgiEtj0qLsUCNt:IiVsGsUD1e9LsVN
                                                                                                                                                                                                        MD5:194A224C1437927D329BDA0745C4EFA1
                                                                                                                                                                                                        SHA1:A3D86346CB4F4F40195302A8D18620ED4B581E79
                                                                                                                                                                                                        SHA-256:698CBA9FC09D3B1665083575686AB6976911917897DBB90FCC46A23CCA6A8959
                                                                                                                                                                                                        SHA-512:A8467C54A51D08DC06DAE26DE83653BB1C10C521685465B112DD540FC8947B64224C23D37D819948AED44164063C43942B5BE71768039C54378FDC5B206278FA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:VLnk.....?......[.}..'Z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):14336
                                                                                                                                                                                                        Entropy (8bit):1.7126254829326384
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:fK3tjkSdj5IUltGhp22iSBgZ7tdouiE62RyVUk5qhpldFToo98MTITSYv2RyVUkf:ftSjGhp22iSudLNxn1B98SuSYmNxA
                                                                                                                                                                                                        MD5:B54DEBBE3C537BA12CDB14C12966EEA2
                                                                                                                                                                                                        SHA1:D429598E47089477DE27C47EA04A84A45A5ABD10
                                                                                                                                                                                                        SHA-256:F53E12AF0B0AB80D37B7D12670755DB28E5C721A14816AED9ACF911CE2B5443A
                                                                                                                                                                                                        SHA-512:65AED8AA9281B24FFB7CFD7D381CCEA7CF024C1BEC7C077862A57D4961D5FFA5776025F4DD31D656276C3D6D1BC1CB57765E094C52B129DA51542A82C6AC5ECB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..................n..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                                                        Entropy (8bit):0.4706570019116964
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcBg3FFZ:v7doKsKuKZKlZNmu46yjxg3FFZ
                                                                                                                                                                                                        MD5:EFF328122704C0C007E7828D7180058D
                                                                                                                                                                                                        SHA1:2D1C76FB005506F4B142ED3849C5A3874D61AE4E
                                                                                                                                                                                                        SHA-256:4C1E3F1E702AF68E08576CAA1AE52FAC3FC6544F5732CF111EE8A788C02A468E
                                                                                                                                                                                                        SHA-512:F7BF9F554171532DF9F0F0976CF341A462D8BB631D24056B2F3CE7ACF44D07542380FE7D9D6DFC4BEC9BA871D91109F5CE08E4C9AB8E48A34AFC231EC00391EB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\acd6f7a7-b876-4a33-8730-3255ce2a47ed.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):115717
                                                                                                                                                                                                        Entropy (8bit):5.183660917461099
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                        MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                        SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                        SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                        SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11755
                                                                                                                                                                                                        Entropy (8bit):5.190465908239046
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                        MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                        SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                        SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                        SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\49b42e29-f318-4440-9e17-d4fb8295e455\0

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:exported SGML document, ASCII text, with very long lines (2222)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3403059
                                                                                                                                                                                                        Entropy (8bit):5.587037002028163
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:3FITo4nCn1uL0TRzNkEmFKVHL/2rcS0UmM/nDecu+0ZXKi0ghRVHXciaYkp:+Tob9LU
                                                                                                                                                                                                        MD5:D66F15D779A59C62DDA84FB4A4E99DC8
                                                                                                                                                                                                        SHA1:E439C396962F5B0C456AD7A9D8C5E262346260B3
                                                                                                                                                                                                        SHA-256:C3C4248A6B7877F2288E9C726D7CDE3BA4A0864D83945D3EE886156A3D0B5C7A
                                                                                                                                                                                                        SHA-512:1AA270DBD8D293CECDB6493878DCBAB9A7F0076A2DAA774E4E3D60BE0DF19CCB6B94DDE23FB20B5086EE45F8638EAC9962C40B987A65BA21EFE0BEFE5780A067
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:;c.call(b,d.content.cloneNode(!0),a.content.firstChild);return asc=a},{mode:HD()?0:1});var csc;var dsc;var esc=ca(["background-color:",";"]),fsc=function(){return M.apply(this,arguments)||this};.n(fsc,M);fsc.prototype.computeThumbnailStyle=function(a){if(a&&(a=kC(a)))return Ph(esc,a)};.var gsc=fsc;u([N(X.YtRendererBehavior),w("design:type",Object)],gsc.prototype,"rendererBehaviors",void 0);u([P(),w("design:type",Object)],gsc.prototype,"data",void 0);gsc=u([Q({disableElementRegistration:!0,is:"ytd-hashtag-tile-renderer"})],gsc);.V(gsc,"ytd-hashtag-tile-renderer",function(){if(void 0!==dsc)return dsc;var a=document.createElement("template");L(a," css-build:shady--> css-build:shady--><div id=\"content-section\" class=\"style-scope ytd-hashtag-tile-renderer\"><div id=\"thumbnail-section\" class=\"style-scope ytd-hashtag-tile-renderer\"><a class=\"hashtag-link yt-simple-endpoint style-scope ytd-hashtag-tile-renderer\" href$=\"[[computeHref_(data.onTapCommand)]]\" data=\"[[data.onTapCo

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                                                        Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                        MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                        SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                        SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                        SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e1ea1876-1442-4d5a-83ac-775bfbf8530d.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):14848
                                                                                                                                                                                                        Entropy (8bit):5.305297966517943
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:st2J99QTryDioo8abatSuyrs/ZyaNP8WS97k73W8fbV+FxSZesxQmUQQPb5mJ:st2PGoHSuks/ZtJ8DSbGg4aQ5y
                                                                                                                                                                                                        MD5:5730F7EC8854BCE02311F30AA70B5F16
                                                                                                                                                                                                        SHA1:321A9A97597CF3A6B06B9D4A64F91492B42D82FE
                                                                                                                                                                                                        SHA-256:ACADBD59A410B4ED6211335317808DBFBC43644EC09CB639987ED91F5E2AD55A
                                                                                                                                                                                                        SHA-512:50C8B61B74D5836AC24CC2025AFCF69953F2E270B74A6DF6A4097C7ADFD219A8DDBB2E6DA7570A6D8ABC6F2405AC7C669D97424CF2F4C12412E46C81A635563F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13353007117195017","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f3ee9ad5-e5b9-4f76-a0ee-b2c5ffa3c3c1.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):14211
                                                                                                                                                                                                        Entropy (8bit):5.232782522976994
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:st2J99QTryDioo8abatSuyrsVZyaNPmk73W8fbV+FxSZesxQmUQQPb5mJ:st2PGoHSuksVZtJpbGg4aQ5y
                                                                                                                                                                                                        MD5:4EBC7BC444C8D42E87CC3DE022046CF3
                                                                                                                                                                                                        SHA1:82EAEDFBE86B50F1ED1C2FA838E710C37C27DEF0
                                                                                                                                                                                                        SHA-256:1EDF3C3543BEDD52516481E8E2C6B1A580D2E7D61591D995FE65E3673B0874E1
                                                                                                                                                                                                        SHA-512:81E1435BCA0F9D8D5107FA78D559FCD77F2F2BCE79EA78EE4B78F414CD3819446358037E16C2B834FDF4C6FEB578C65AF186E694BE7F8846C0096CEE6B468F9F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13353007117195017","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f67267c4-a102-44e0-b942-7ea9d8c12824.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12587
                                                                                                                                                                                                        Entropy (8bit):5.217766214906386
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:st2J99QTryDigabatSuyrsVZyaNPmkS3W81bV+FBrQAOQQPbYJ:st2PGKSuksVZtJmbGFQk
                                                                                                                                                                                                        MD5:D9FA2382F6D0B7162EEF721926EBA182
                                                                                                                                                                                                        SHA1:B939A9EEEF231FB15F5F7AEC92C4E7725F1577F5
                                                                                                                                                                                                        SHA-256:373A473E9775A8BA40ABC635F50C79586DD684E73B5FA11EDD4D0A097062E751
                                                                                                                                                                                                        SHA-512:13A4E4A5ECD0AEC1D74E6BF788D3AFB20C036F36F969C9B20ACC1DC834936EDCBA5F778EF12DC092ADF42ABE8849AB4543271DA5E60280847D7BAC381EF8F807
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13353007117195017","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f95012d3-b98e-4a30-b034-c29c8925c07d.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):14211
                                                                                                                                                                                                        Entropy (8bit):5.232782522976994
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:st2J99QTryDioo8abatSuyrsVZyaNPmk73W8fbV+FxSZesxQmUQQPb5mJ:st2PGoHSuksVZtJpbGg4aQ5y
                                                                                                                                                                                                        MD5:4EBC7BC444C8D42E87CC3DE022046CF3
                                                                                                                                                                                                        SHA1:82EAEDFBE86B50F1ED1C2FA838E710C37C27DEF0
                                                                                                                                                                                                        SHA-256:1EDF3C3543BEDD52516481E8E2C6B1A580D2E7D61591D995FE65E3673B0874E1
                                                                                                                                                                                                        SHA-512:81E1435BCA0F9D8D5107FA78D559FCD77F2F2BCE79EA78EE4B78F414CD3819446358037E16C2B834FDF4C6FEB578C65AF186E694BE7F8846C0096CEE6B468F9F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13353007117195017","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\fe3f3bb7-e987-4916-af4e-1d023f756462.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, writer version 2, read version 2, file counter 17, database pages 21, cookie 0x7, schema 4, UTF-8, version-valid-for 17
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):86016
                                                                                                                                                                                                        Entropy (8bit):3.86609783825693
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:4b4e2m2vIviDLresm+J4WhGwybA2MUMMzaBWGrc4S2xOs0mk9ybar6LuSBIr/Xqe:Q2mMLit+ByTay4Go7eGKCY
                                                                                                                                                                                                        MD5:E0EFA4BAAAC09CDD85BCA7242446BB94
                                                                                                                                                                                                        SHA1:F900A4C84869C832935B13D058442FCF317E3FA6
                                                                                                                                                                                                        SHA-256:3AF02FBB0FCF1F5148FEECBF4EF38F896AA9FB55328338681C14228C4E54F898
                                                                                                                                                                                                        SHA-512:0F1C9059B3E525DD21B049C38B526EC716E231608C39154E2BC650873F34DD871220F7B9A8CCA5CF0EE1C8F975D3EC32DEA602A07CF1446FF30BDD3EFEBF500B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..................?.P................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.24783616218550023
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:gS7BIB34JNbtel/Vl/bfbRl/HKn0Kf75dSMgStk7DwqgIbEmmyMAzWuYFbgsCxTm:j7BIB340HL9s0xM5k7DwqgIbFYBgp1T
                                                                                                                                                                                                        MD5:A804F062BA44F8790462327986888174
                                                                                                                                                                                                        SHA1:0C59E884E4F6F8A598C3F2EA3E0C17B7C03CACE0
                                                                                                                                                                                                        SHA-256:ADCBB3967E973524A2DD9447A3134E503E36418B99476E36BCD42BA58E0AC225
                                                                                                                                                                                                        SHA-512:747AEE975665527448719148016D7A8703DF326600A0C364F8FC8FDAF5AB0868B6A2AA7072619476119C8DC53ACE83FEB803E2F7D3F445EC36F3D14EF77648A9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..-.....................Z..q...3.-.Mg...;.b.PX..-.....................Z..q...3.-.Mg...;.b.PX........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4120032
                                                                                                                                                                                                        Entropy (8bit):5.1135796793474615
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:jMs0gzm/IDAuYVPk0krnHwxnQSBjAWlh+RsrbGihNBJNlWGiUlCTeaih1OETG/Gb:E5
                                                                                                                                                                                                        MD5:E3BE2DF9A5BA4E87430D4C66AB7F1E9B
                                                                                                                                                                                                        SHA1:1036FEBE0DD579CBF419DE9B33643B4CFDFA9737
                                                                                                                                                                                                        SHA-256:53AFEF538AB47EDDE0DC39E0E1704F5C9D4C03F89B52BD7F573CC1C350A544F1
                                                                                                                                                                                                        SHA-512:5A8E9ABD020F93B62765C3428B8A159217640C1E14B05657A054738FBD475AF11C508FA826DEA3F0AD67D5DE681ED1939FF702AE8151B8AF0873682377CF857A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:7....-..........3.-.Mg.....F..38........3.-.Mg.../.......$........................6.........................~.q.d.W.J.=.0.........................w.j.].P...............-. .a.T.G.:.{.n.........C.....s.f.Y.).L.?.2.%.........................t.f.X.J. .......................x.j.\.N.@.2.$...<.......................|.n.`.R.D.6.(.........................r.d.V.H.:.,.........................v.h.Z.L.>.0."..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):580
                                                                                                                                                                                                        Entropy (8bit):3.7696104068627316
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:llc8BOuuuuuuuuuuuuuuuegll5NMF3s8c:/Luglr
                                                                                                                                                                                                        MD5:3EC3C3C660AD5212DA93B5642013C546
                                                                                                                                                                                                        SHA1:9163DC1AF6A9098CA99B3007E794D4341B31ED4F
                                                                                                                                                                                                        SHA-256:5E2003CE49685EE537924229AC81387568970100D803817D655A4AF83D5D5493
                                                                                                                                                                                                        SHA-512:9FCA1E8E04A3EB8834CD027D8A3F6E8C2CE6DB0AD52641CAD6F6640F1C440F816CE336D45F3669A55F8E2D5144980FFA17E815821E179615C40222C6B7AE4E30
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:A..r.................20_1_1...1.,U.................20_1_1...1...0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............0'.m;...............#38_h.......6.Z..W.F........................V.e................V.e..................Y.0................39_config..........6.....n ..1

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):330
                                                                                                                                                                                                        Entropy (8bit):5.215831706279861
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWayn+q2PcNwi23oH+TcwtfrK+IFUt8KRAWam3FZZmw+KRAWajxVkwOcNwi23h:rKWay+vLZYeb23FUt8KKWam3X/+KKWa6
                                                                                                                                                                                                        MD5:61D08DE9EE216DB88448A1C510F8946C
                                                                                                                                                                                                        SHA1:D98C79084F2ACFF1101DFEA46170F5BB444FA644
                                                                                                                                                                                                        SHA-256:6CFC01811EE76395D405B51C1EFCE6E70B973722B1A87E1EEE53E308E357F906
                                                                                                                                                                                                        SHA-512:9FC07D932B293B160B52394B916E296825DBA0E0015CBA4F86D481A5D3043058EB8F09F324D4C6A1435ACFA21004818727DD13293FE93010888CA0B5D339630B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:37.270 1a28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/02/21-17:38:37.274 1a28 Recovering log #3.2024/02/21-17:38:37.275 1a28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):330
                                                                                                                                                                                                        Entropy (8bit):5.215831706279861
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWayn+q2PcNwi23oH+TcwtfrK+IFUt8KRAWam3FZZmw+KRAWajxVkwOcNwi23h:rKWay+vLZYeb23FUt8KKWam3X/+KKWa6
                                                                                                                                                                                                        MD5:61D08DE9EE216DB88448A1C510F8946C
                                                                                                                                                                                                        SHA1:D98C79084F2ACFF1101DFEA46170F5BB444FA644
                                                                                                                                                                                                        SHA-256:6CFC01811EE76395D405B51C1EFCE6E70B973722B1A87E1EEE53E308E357F906
                                                                                                                                                                                                        SHA-512:9FC07D932B293B160B52394B916E296825DBA0E0015CBA4F86D481A5D3043058EB8F09F324D4C6A1435ACFA21004818727DD13293FE93010888CA0B5D339630B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:37.270 1a28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/02/21-17:38:37.274 1a28 Recovering log #3.2024/02/21-17:38:37.275 1a28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):782
                                                                                                                                                                                                        Entropy (8bit):4.049291162962452
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ys:G0nYUtypD32m3yWlIZMBA5NgKIvB8s
                                                                                                                                                                                                        MD5:FDF465758A7489458B387EB41C7D42B0
                                                                                                                                                                                                        SHA1:9509283CF1BD7397790091C5A7580CBA353A1143
                                                                                                                                                                                                        SHA-256:C5A7592A847D101DCB71AEE0A234835548121C647E6D99EF794337823A347703
                                                                                                                                                                                                        SHA-512:9E40B768990B3FAC6960274C5C78F9B86585100DBFE92BC885FC5384937F2922C3ED435B44C42DEAC138E8FB22CD1EED865DBB984CFFDAE8ED0BE96EDADA1698
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):348
                                                                                                                                                                                                        Entropy (8bit):5.203142193971152
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWaTv3+q2PcNwi23oH+TcwtfrzAdIFUt8KRAWaTlCZmw+KRAWaTleVkwOcNwiX:rKWaCvLZYeb9FUt8KKWaI/+KKWaQ54Za
                                                                                                                                                                                                        MD5:1ECA5BFBDF8790687D85D9AD41655416
                                                                                                                                                                                                        SHA1:A46DD8894F33405B05334911ED1A13797A51F6BC
                                                                                                                                                                                                        SHA-256:4C58FC5A974467D3CCEF6CF0258B7FFF0EF6A548E9F35E2DB71CC53CAAA633AD
                                                                                                                                                                                                        SHA-512:F565B04BE5A04FF98CBFE1585326943F39646B688A8EC4947B01FFC6F433047A9DCCDE0663262D73CBF8F0699407BE1E52DDBF7673A0A59A8DEDD2B8BADED941
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:37.260 1a28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/02/21-17:38:37.261 1a28 Recovering log #3.2024/02/21-17:38:37.261 1a28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):348
                                                                                                                                                                                                        Entropy (8bit):5.203142193971152
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:rRAWaTv3+q2PcNwi23oH+TcwtfrzAdIFUt8KRAWaTlCZmw+KRAWaTleVkwOcNwiX:rKWaCvLZYeb9FUt8KKWaI/+KKWaQ54Za
                                                                                                                                                                                                        MD5:1ECA5BFBDF8790687D85D9AD41655416
                                                                                                                                                                                                        SHA1:A46DD8894F33405B05334911ED1A13797A51F6BC
                                                                                                                                                                                                        SHA-256:4C58FC5A974467D3CCEF6CF0258B7FFF0EF6A548E9F35E2DB71CC53CAAA633AD
                                                                                                                                                                                                        SHA-512:F565B04BE5A04FF98CBFE1585326943F39646B688A8EC4947B01FFC6F433047A9DCCDE0663262D73CBF8F0699407BE1E52DDBF7673A0A59A8DEDD2B8BADED941
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:2024/02/21-17:38:37.260 1a28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/02/21-17:38:37.261 1a28 Recovering log #3.2024/02/21-17:38:37.261 1a28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\uu_host_config

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):403024
                                                                                                                                                                                                        Entropy (8bit):4.987691454989427
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:HYbzOWIwetxI2LpvNCIFu77T38WJ5BR8Mm6EW9uU8ywMsF9leE08d207nMGvykSB:EPenNgBRrmVlr0K2lP/lFlWfEwlCx
                                                                                                                                                                                                        MD5:8F9BDA485854A823E20B47C4897937CF
                                                                                                                                                                                                        SHA1:A86D1E2D3AE6E2F2CAF52DAF6D839EB02FE4B334
                                                                                                                                                                                                        SHA-256:67487ABF17DE6084CF6D117F0551E92D3BA8DC70B08D17D3685603451799EF28
                                                                                                                                                                                                        SHA-512:5C94F19AE23F4220C455DBAD0DB1640A47D981D45306939496744CC1DF2BD5980F25E417C764661CBD608D69E178CB4795763E04F21F5812AC0BA7BBCAA1008C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "0123movies.com": "{\"Tier1\": [983, 6061], \"Tier2\": [4948, 1106, 9972]}",.. "1020398.app.netsuite.com": "{\"Tier1\": [6061, 8405, 5938], \"Tier2\": [228, 236]}",.. "1337x.to": "{\"Tier1\": [6061, 983], \"Tier2\": [6657, 475, 4068]}",.. "2cvresearch.decipherinc.com": "{\"Tier1\": [8405], \"Tier2\": [379, 6101]}",.. "3817341.extforms.netsuite.com": "{\"Tier1\": [6061, 8405, 5938], \"Tier2\": [7746]}",.. "3cx.integrafin.co.uk": "{\"Tier1\": [8405, 6061], \"Tier2\": [2863, 5391]}",.. "4540582.extforms.netsuite.com": "{\"Tier1\": [8405], \"Tier2\": [228, 236, 7746]}",.. "7589.directpaper.name": "{\"Tier1\": [8405], \"Tier2\": []}",.. "7a201srvitportl.cymru.nhs.uk": "{\"Tier1\": [], \"Tier2\": [9870]}",.. "7a3cjsvmifitla1.cymru.nhs.uk": "{\"Tier1\": [6061], \"Tier2\": [1092]}",.. "7a3cjsvmlivwebb.cymru.nhs.uk": "{\"Tier1\": [148, 6061], \"Tier2\": [9870, 9813]}",.. "8ballpool.com": "{\"Tier1\": [8741, 3907, 983], \"Tier2\": [9151, 5779, 6916]}",..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):120
                                                                                                                                                                                                        Entropy (8bit):3.32524464792714
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                        MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                        SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                        SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                        SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):13
                                                                                                                                                                                                        Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                        MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                        SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                        SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                        SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:117.0.2045.47

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF23c05.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF23d1e.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF23d4d.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF23e76.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF23ed4.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF23ef3.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF241c2.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF241e1.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF24694.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF26ce9.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2987d.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2cc10.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2ccfa.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2f3eb.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3564f.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF40953.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4f374.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF5581a.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF591d7.TMP (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                        Entropy (8bit):6.103056588106757
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yn9PGWv/sxtw+7VLyMV/YoskFoz:z/0+zI7yndv/4K8VeZoskG
                                                                                                                                                                                                        MD5:40BE66ECF6EA049B3BE3C21341618880
                                                                                                                                                                                                        SHA1:5BC5C6C90962185A79A219626E78409923E50D5D
                                                                                                                                                                                                        SHA-256:96B64E8EBF9D6723C10BC87036EC950BD381733E283A2606EB4E93D87F14711A
                                                                                                                                                                                                        SHA-512:E9A212705D31D72B402791D357C3FD498654764700DC81F7FCCF201F75F3ED6653104F538C22EA1F6032E89D225F17FC97FED1D8EE30D38BD21DBE42C38ED622
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 10, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):0.7316566708668145
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:TLNIAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isb0zQdszVdSfzAXrdnwU:TLiOUOq0afDdWec9sJVX51Ovq7Q7J5fc
                                                                                                                                                                                                        MD5:4840C65FBAEC13074337223D4FAB732D
                                                                                                                                                                                                        SHA1:8A98C64AC43B9FEAE733402A3567A39FBD3D2B48
                                                                                                                                                                                                        SHA-256:F431ECA889766A902B8391832E594FA6F2CD38F4E9F4C726905A3548DDA63CAA
                                                                                                                                                                                                        SHA-512:AC1CE239F13E0D1520F66C10ED9DFE248DBC7DA11B67C5C845210A5EC64152B553E2459F8D14E0D35DE81E662C7489E355A2450B0346F74C8D113608A299678D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):47
                                                                                                                                                                                                        Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                        MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                        SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                        SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                        SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):35
                                                                                                                                                                                                        Entropy (8bit):4.014438730983427
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                        MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                        SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                        SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                        SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"forceServiceDetermination":false}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):50
                                                                                                                                                                                                        Entropy (8bit):3.9904355005135823
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                                                                                                                                                        MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                                                                                                                                                        SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                                                                                                                                                        SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                                                                                                                                                        SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:topTraffic_170540185939602997400506234197983529371

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):575056
                                                                                                                                                                                                        Entropy (8bit):7.999649474060713
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                        MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                        SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                        SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                        SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)*d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(|.6.:..f!.>...?M.8......P.D.J.I4.<...*.y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z*.{nZ~d.V.4.u.K.V.......X.<p..cz..>*....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):86
                                                                                                                                                                                                        Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                                                                                                                                        MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                                                                                                                                        SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                                                                                                                                        SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                                                                                                                                        SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a5f161ff-91b2-492f-8c7a-57391e2b3ce4.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                        Size (bytes):57623
                                                                                                                                                                                                        Entropy (8bit):6.103920967562867
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7ynmU2PGWv/sxtwnj7VLyMV/YoskFo6:z/0+zI7ynbCv/4KvVeZosk/
                                                                                                                                                                                                        MD5:74CC78DB791579C4AFD6A3C3F33172C4
                                                                                                                                                                                                        SHA1:03C1F22615ACDD4D41678AB5533AF3BD97D3794B
                                                                                                                                                                                                        SHA-256:4B2F9534823FBDAF61CE30C1F01EADB83E38A955935DD4D2C1ED8A325FCE6DB8
                                                                                                                                                                                                        SHA-512:47C15B33CC1F706E0108E9B26BFDAFAEFCFDD702E849DD5CD736BBDF63057202FAC2F284A0612468038CF241EB844A810C4806004E3627602FC4C475C0AFEFAA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c8a42783-0b69-41ab-8fab-a11687e7269f.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):58612
                                                                                                                                                                                                        Entropy (8bit):6.1030964459766155
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:3/Ps+wsI7yOaxU/PGWv/sxtw3j7VLyMV/YoskFoL:3/0+zI7yOD/v/4K/VeZoske
                                                                                                                                                                                                        MD5:9C7B4E7EC856272430E3F4BDDC4C2221
                                                                                                                                                                                                        SHA1:CEC10896C0891165947B1CEF74349EAB78B5D80A
                                                                                                                                                                                                        SHA-256:2AD7613836927233640A575B460FF6921C82A12D3BC04779FDA2B31085D27EC9
                                                                                                                                                                                                        SHA-512:DC847253201E49F2058A47BB724AEDEF6E924A54867F42915503656E76C7A0CC7B1B9725A509078110B34A3C2738A9B5AFFAD8EE55A4B594AF17E42CE2D4FDCE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"270EEF00BF873436BAE0FD02F259866ED05E6988F78734E2F33D6DB953BC6531\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1708533521"},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0V

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ebba3d19-02f7-4b52-809b-1d3dc9b742fa.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):58689
                                                                                                                                                                                                        Entropy (8bit):6.103212250159807
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:3/Ps+wsI7ywaXUEPGWv/sxtw3j7VLyMV/YoskFoL:3/0+zI7ywlQv/4K/VeZoske
                                                                                                                                                                                                        MD5:A29CEB36334AB1B91CBB54AE6A5AAE57
                                                                                                                                                                                                        SHA1:B43AF3C240B80A868C4385355F7AFE13B5848E73
                                                                                                                                                                                                        SHA-256:028270768A0C98EBFE98CBD85BEFA1AF70C396E724703A110F048158A251F8C6
                                                                                                                                                                                                        SHA-512:9DC2F780B32926ACEDBFCBB9F290C9DA54B5DA9EA8C59F5C7498A18FD696D65B56657BE545A72DF7F36997E29EF143F5CFC023C67BE9249666758BA89FDA4542
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"270EEF00BF873436BAE0FD02F259866ED05E6988F78734E2F33D6DB953BC6531\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1708533521"},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0V

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\fcb36415-a9cb-43f2-b138-c7b200936c2d.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):58612
                                                                                                                                                                                                        Entropy (8bit):6.103081889199207
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:3/Ps+wsI7yOa3U/PGWv/sxtw3j7VLyMV/YoskFoL:3/0+zI7yOx/v/4K/VeZoske
                                                                                                                                                                                                        MD5:92D6DF72C29CFE6B8CDB64B62A23EBF0
                                                                                                                                                                                                        SHA1:F0FD4B741D506362CF28298EDDD64878B5AFC8B9
                                                                                                                                                                                                        SHA-256:81EC00405B833DF8D605F0709B4BAAF119196C451D76006C13C170CDBB7D5DA5
                                                                                                                                                                                                        SHA-512:C26A61D797DF9FCC61172DADF1CEF715CB7D2B2996C896FF7265499D1AC2BB66AF05034DBA01A0BFBFA4DF5D5374A1C6EA2AF358A65764F93E0DD8A6A46D2148
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"270EEF00BF873436BAE0FD02F259866ED05E6988F78734E2F33D6DB953BC6531\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1708533521"},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0V

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2278
                                                                                                                                                                                                        Entropy (8bit):3.851061242884275
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:uiTrlKxrgxwxl9Il8u5ZkRKCuUu8FP3wMMPB53iyw+Ad1rc:mdY/ZwKNUu8FPAMMPB53g0
                                                                                                                                                                                                        MD5:5BCA1560C6E3F8D2F8BFFD598ABA5A15
                                                                                                                                                                                                        SHA1:9AC30DC5458CD9A24574A618B83861F2449FF27E
                                                                                                                                                                                                        SHA-256:246FE4CED65DBAED1FDC5296A410FA5CB179A4A588F7505C0A2930D6A0BF73ED
                                                                                                                                                                                                        SHA-512:6F277C33F2E9B9E191683C13FD82932E9D0477895BA360A5B8C2E3B4F10D2EFB9A5C30D55A15300CC65B5319C33EDAE12657DE27F247B8613DEA03FA581F8DFA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.M.B.0.0.e.x.k.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.J.D.6.G.U.Y.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4622
                                                                                                                                                                                                        Entropy (8bit):3.99981575149429
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:uiTrlKxExYtxD9Il8u2LF0q0LzP+OVxljCfiuJml/WG/vzy+fmm/stt59vm0tRla:CYsLupug31XzD/Uttbb7PAXFeJH+
                                                                                                                                                                                                        MD5:A4DB1743EEB54204D01B6A255D7C84A2
                                                                                                                                                                                                        SHA1:D2B48FCED55EA8AFE237C30CAC17185709426FEB
                                                                                                                                                                                                        SHA-256:E3CFAE77C0EEE7A2A83FDF96B2D341028376EBB038A4127BCCDDC9209F744D17
                                                                                                                                                                                                        SHA-512:DBFDF7B249D226AD23DAA982B5ED07EB39755231DFD7B30262DDFA828EE0A5CA15D8D9EE39442F3F485597A85FCE2317580A22794CB6F9D736C8271B18EAF479
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".v.1.t.C.t.+.R.k.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.J.D.6.G.U.Y.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\plaza[1].exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3022336
                                                                                                                                                                                                        Entropy (8bit):7.9880560786253945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:4EiAf3r5X+ExHBxogJPRgq2nDmidjfFkUZyTUPQEMPIjPG6qmyq:0Af3r5u5gJuq2D5vkwoEL66qlq
                                                                                                                                                                                                        MD5:4E7BB1C53BDB0DC1C445C882B17B1D62
                                                                                                                                                                                                        SHA1:69C709694DE4F709A9C0676EBA4C16210BEC83E2
                                                                                                                                                                                                        SHA-256:62DF400DADD4D3E31711058BF9D6F66FE3245DDC9FB873FE4FA5DF505EC9F55D
                                                                                                                                                                                                        SHA-512:43B837399C6997FE84A50F2119DCB49C6B2F656FE492E5EBC02672FCB9A564A6095F68958D20B78E513D844E2371087F2FCE2DCCEEC024EFB79C6ADB7B8CA120
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..................PE..L...N@.e...............".....`......(.............@.......................................@... .. .... .. .......... .........x....0..h...........................................................................................................................4..................@............p......."...8..............@............@...0.......Z..............@............0...p.......b..............@....................d...b..............@....rsrc....0...0...0..................@..@.........@y..`...(..................@....data.....".......".................@...................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\fu[1].exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):918528
                                                                                                                                                                                                        Entropy (8bit):6.582329064958357
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:jqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgatTv:jqDEvCTbMWu7rQYlBQcBiT6rprG8apv
                                                                                                                                                                                                        MD5:17FEBB6CBC56CF10917289FA796F1554
                                                                                                                                                                                                        SHA1:7F63E5AE74CFBAA89BAC3DDD0A0595D95BBE4DF8
                                                                                                                                                                                                        SHA-256:ACB21F5BCE5D257B7A756F8215D3864A56F3994996023802E2A9130D1A921A05
                                                                                                                                                                                                        SHA-512:8BF1053B5BF18E3B5CD7DC67715BC304F09B9F910A634C441CADE0444EA8DA1CB8D98CD37626A50CCED94DF2B13FBF3B34C52801358C26CF0499CC5649B045AC
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 24%
                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L......e.........."..........T......w.............@..........................`.......S....@...@.......@.....................d...|....@..X........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...X....@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\fu[2].exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):918528
                                                                                                                                                                                                        Entropy (8bit):6.582329064958357
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:jqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgatTv:jqDEvCTbMWu7rQYlBQcBiT6rprG8apv
                                                                                                                                                                                                        MD5:17FEBB6CBC56CF10917289FA796F1554
                                                                                                                                                                                                        SHA1:7F63E5AE74CFBAA89BAC3DDD0A0595D95BBE4DF8
                                                                                                                                                                                                        SHA-256:ACB21F5BCE5D257B7A756F8215D3864A56F3994996023802E2A9130D1A921A05
                                                                                                                                                                                                        SHA-512:8BF1053B5BF18E3B5CD7DC67715BC304F09B9F910A634C441CADE0444EA8DA1CB8D98CD37626A50CCED94DF2B13FBF3B34C52801358C26CF0499CC5649B045AC
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 24%
                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L......e.........."..........T......w.............@..........................`.......S....@...@.......@.....................d...|....@..X........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...X....@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\ladas[1].exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2332672
                                                                                                                                                                                                        Entropy (8bit):7.958959551859468
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:cTgbaKqgO7ZrtDsZ+SihyU4iW13hi4wNY5lH4SEPdmmM8pV5ePAge7h:cT2fOZrtI3e4wS5lH4vdmQWe
                                                                                                                                                                                                        MD5:9D2C7897664527641D4A773BD49CC545
                                                                                                                                                                                                        SHA1:4E02513DB3A20EA0BE55285ACD12BD39901721CD
                                                                                                                                                                                                        SHA-256:A16A662FDC2A7143B05981C853AABBA06277F6DEE63516F10537A9FDB2C7EB44
                                                                                                                                                                                                        SHA-512:1B7F8941E219EA727494C8665C40EFB6EF8DE1040E6FB738CAC1EE60E8F840FFA10A61A323FFD8A41EB251226E79C64E892A7666E55F25FB3854A1E6142A8F64
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..........PE..L......e...............".....V........Y...........@...........................Z.......#...@.................................W...k....`...C.......................................................................................................... . .P..........................@....rsrc....C...`......................@....idata ............................@... ..+.........................@...ylraglyl.p...`?..d..................@...uyguhsif......Y......r#.............@....taggant.0....Y.."...v#.............@...................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\ladas[1].exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2316288
                                                                                                                                                                                                        Entropy (8bit):7.959810497724322
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:nuS+w88+aJg+TiXHRxvOAORFOUnoOtazwtJTKidc:bvmPxvOAg9nXazkT1
                                                                                                                                                                                                        MD5:4D4459649C8A83996BC9595CEA9E9F00
                                                                                                                                                                                                        SHA1:FCCB70F97C4072420DB9E768869D9AFEDD53ACE4
                                                                                                                                                                                                        SHA-256:9370B6DA84FC516B7673E0245645C7CDC9206080DE9C3B7DD93E4856ADB602E8
                                                                                                                                                                                                        SHA-512:DDFB616331B5F18BF5B0C0F49832B189AB69704A8AA421BAC04D77E489500E7BB21EB6FFB8F0A86B06763BD2D6C8C743F1C3D40AB9C86A18DF3ED0D88B1D16F4
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..........PE..L......e...............".....V........Y...........@...........................Y......;$...@.................................W...k....`...C.......................................................................................................... . .P..........................@....rsrc....C...`......................@....idata ............................@... ..+.........................@...ewxuruvs.0...P?..$..................@...oacrgbfp......Y......2#.............@....taggant.0....Y.."...6#.............@...................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\niks[1].exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1741312
                                                                                                                                                                                                        Entropy (8bit):7.942941230756999
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:3IRDZai/B/MdXKcamL8NbEZuzpRIgi1sWUDYl8jNmAOr64eucfzbNslGz0NYz:KJAXKlmLdypRIgbNYecAVuG3NiGz0
                                                                                                                                                                                                        MD5:754EA30A3E0BB956D161F4A088FB3BBC
                                                                                                                                                                                                        SHA1:B07A9CBC323D468F2F4353717E168BC408B5159F
                                                                                                                                                                                                        SHA-256:0E71048E8C57746F93C0FB1289EE190E68A17EEFC792ED8A2FF03CA3E91E4693
                                                                                                                                                                                                        SHA-512:2CA99979475EB3AC3E1C731A78A029D4AAC60B6352510645445CF704648B5CF48F49A08CA3450B3B8818E213BD3F4CFAA6EB5069468B7AB2AE112AC52E42F66A
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....$e.........."...0..$...........`E.. ...`....@.. ........................E....../....`.................................m........`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........6..............@... .`*..........8..............@...mevurvzu.`....+..V...:..............@...dvmgpahi. ...`E.....................@...................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\plaza[1].exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3022336
                                                                                                                                                                                                        Entropy (8bit):7.9880560786253945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:4EiAf3r5X+ExHBxogJPRgq2nDmidjfFkUZyTUPQEMPIjPG6qmyq:0Af3r5u5gJuq2D5vkwoEL66qlq
                                                                                                                                                                                                        MD5:4E7BB1C53BDB0DC1C445C882B17B1D62
                                                                                                                                                                                                        SHA1:69C709694DE4F709A9C0676EBA4C16210BEC83E2
                                                                                                                                                                                                        SHA-256:62DF400DADD4D3E31711058BF9D6F66FE3245DDC9FB873FE4FA5DF505EC9F55D
                                                                                                                                                                                                        SHA-512:43B837399C6997FE84A50F2119DCB49C6B2F656FE492E5EBC02672FCB9A564A6095F68958D20B78E513D844E2371087F2FCE2DCCEEC024EFB79C6ADB7B8CA120
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..................PE..L...N@.e...............".....`......(.............@.......................................@... .. .... .. .......... .........x....0..h...........................................................................................................................4..................@............p......."...8..............@............@...0.......Z..............@............0...p.......b..............@....................d...b..............@....rsrc....0...0...0..................@..@.........@y..`...(..................@....data.....".......".................@...................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\amert[1].exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1902080
                                                                                                                                                                                                        Entropy (8bit):7.950529300938905
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:6tKUuIjJaao7Fi0FB65JaMPy4RzA0ine8PXhsEh9jwE+:6tWRYr5JaMVzAG8PXh3h6D
                                                                                                                                                                                                        MD5:07D7F9FCE107448C2D383A87DE39AFB2
                                                                                                                                                                                                        SHA1:D9C377345BEDF6B6F26C165A454138DE19A206EB
                                                                                                                                                                                                        SHA-256:27E53850B7B9483834898B605F6DCF4B0C1B71BD1671864A5BC408929C7AB548
                                                                                                                                                                                                        SHA-512:8EA1C6F4CD0DDE7A7A22E686E94D9EFDCD6BA405936CD9C501A903323D36E39E28608184BF7799CCEF168B63EA3365316EB6940EFDF2825F1BA90BEF95F55170
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*R..n3.@n3.@n3.@5[.A`3.@5[.A.3.@.^.A|3.@.^.Az3.@.^.A.3.@5[.Az3.@5[.A}3.@n3.@.3.@.].Ao3.@.]u@o3.@.].Ao3.@Richn3.@........................PE..L......e..............................K...........@...........................K.....p\....@.................................Vp..j....`.......................{K..............................{K..................................................... . .P..........................@....rsrc........`......................@....idata .....p......................@... ..+.........................@...odpxvryq......1.....................@...anidzile......K.....................@....taggant.0....K.."..................@...................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\amert[2].exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1908224
                                                                                                                                                                                                        Entropy (8bit):7.948331616403662
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:NlXjILQlWgl0SQw4G4ubdXsfVHfPiQtTZZv5:7FrSwdyVHfPrZ
                                                                                                                                                                                                        MD5:73B8BD940F0DA3278C79A58BC5B412E9
                                                                                                                                                                                                        SHA1:74A1851C04C5E8789AD5CD0C2B5C6A8C6C13CE35
                                                                                                                                                                                                        SHA-256:31F7CC0C7C8E0F820057997E878CB4A0E9B434C498A096FFF37E021909F164F0
                                                                                                                                                                                                        SHA-512:5D3E277413F71601EC70D32C02D324CA14A545739490F2420FFD3483BC6B88769690E5774B1A7B3DE7ED7D1AFAB341BB10C12F0417C103561BC2597DA17769EA
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*R..n3.@n3.@n3.@5[.A`3.@5[.A.3.@.^.A|3.@.^.Az3.@.^.A.3.@5[.Az3.@5[.A}3.@n3.@.3.@.].Ao3.@.]u@o3.@.].Ao3.@Richn3.@........................PE..L......e.............................0K...........@..........................`K...........@.................................Vp..j....`......................`.K...............................K..................................................... . .P..........................@....rsrc........`......................@....idata .....p......................@... ..*.........................@...pnqzgoyr......1.....................@...xzseijod..... K.....................@....taggant.0...0K.."..................@...................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\niks[1].exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1742848
                                                                                                                                                                                                        Entropy (8bit):7.943497835417937
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:kNdrcn+MzzcDXU0vyqSMSs+LKSdYjYBT+p:kNdrEO/lSMZ+LK8q
                                                                                                                                                                                                        MD5:EBE3516415D8FD2E337044DB1EE9C027
                                                                                                                                                                                                        SHA1:09AAA949A171A683B1B26E64D41873131CE39F06
                                                                                                                                                                                                        SHA-256:F57072BF138C27A90FC15BABDA76C30144217A66FABAAF98337F2B12ACA9BC63
                                                                                                                                                                                                        SHA-512:B6D5C7598C86CD5BF1035D771512C419543AA8EFB91812D1CA7965060B8A3DAF48E7BC5ED60B535CE1ADAD170DBB7E94F6254C58655FE6E47AFE837D4DE02F11
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....$e.........."...0..$............E.. ...`....@.. ........................E.....f.....`.................................m........`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........6..............@... ..*..........8..............@...bszskcvh.`...`+..\...:..............@...qpnzysyi. ....E.....................@...................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\doomed\10834 (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):89
                                                                                                                                                                                                        Entropy (8bit):4.643904009876527
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:H5PaetPubU6X7GRgvKiUll/ln:1Llubr5KiUll/ln
                                                                                                                                                                                                        MD5:483AB684EF66371C5396E427940D774A
                                                                                                                                                                                                        SHA1:47FE6FCB781A4F2063A250CDECADDBD960C1518F
                                                                                                                                                                                                        SHA-256:E571FBA1EDBEDD816B27BB2478202177275B14FD655A8CA19885EF810A92C146
                                                                                                                                                                                                        SHA-512:BE3B4E2DF8FBCB64C5233BDA274355F42E5A0D3AA984CD1DB74786F9B442E3FEE1A68D256494598457686F8FCEBB279B327A00B8CB2EE1BBB4C48B20B2E6D95A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:f.\.........e.'@e.'@F.t........0....a,~1708533528,:https://spocs.getpocket.com/spocs.....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\doomed\14373 (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):113
                                                                                                                                                                                                        Entropy (8bit):4.771667860846028
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:rE0hUd8ullXNWbdUyGLk8rLtPSKVIDIIt:jCEbdOx0KVst
                                                                                                                                                                                                        MD5:9E0C3903789870A222645658E5448BBF
                                                                                                                                                                                                        SHA1:48D56D69E5A5CF95951C7D63A5AF388005EE60AA
                                                                                                                                                                                                        SHA-256:6ABB82744D7FF8914970480490D31722997BBB2850827C652C05E784B3A9EDB8
                                                                                                                                                                                                        SHA-512:3728D595F70CEC6F886C9F4005EF1A79A0DE61F1F958A434B9E198295DA553C55312AD35F77B612B764F716B78F75BC51AC3C249BAA0A08F63EC67CC27BB58BD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.>..........e.'^....F.t........H....:https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip.....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\doomed\20138

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):189
                                                                                                                                                                                                        Entropy (8bit):4.951681734089106
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:x/3W/BdSu/l3BMqEcldnX+OGTAMrRzcSLUxGTKlLjOKf6TaxXA8AsO7Wq1VXA8Ai:53gBdhRiclp+OGb9LUxG0OKlmeO7Wq1v
                                                                                                                                                                                                        MD5:9FAF4F526D4A1289E4DDD356BD419DF2
                                                                                                                                                                                                        SHA1:DC27E9892B70FDB65B478C5EDEA51E30B9BB7120
                                                                                                                                                                                                        SHA-256:BAAA15A827196D90632AF95F67B0320B79EE944749B23E3542ADC60C9C3905F2
                                                                                                                                                                                                        SHA-512:5C3E103C0E9676EEE2DDA35FC04AA4650BEB6DB916E17F1E0240CEC0A20A8ADE81A039C28DAECA37FA72002809DA5C027369B6A16E0155C492F04A8017EA658A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:=y..........e.'2e.'=F.t........B....O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/.necko:classified.1.net-response-time-onstart.11640.net-response-time-onstop.11836.....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\doomed\20811 (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):114
                                                                                                                                                                                                        Entropy (8bit):4.913892336938957
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:a/W/B6H8u/EtqiBMqEcldnX9XHWwrRzcSLYXqhHK//l:hB0miclpJWw9LYX2Kl
                                                                                                                                                                                                        MD5:9909E3B4C128F11851813F4C8EF7AEFE
                                                                                                                                                                                                        SHA1:40F35E54792077D2858E54990BCE8D6ED3F2EB6F
                                                                                                                                                                                                        SHA-256:A5F4B23E352BCAEDAE6309965E288FB397219E171F58ADAABFE7083FFB084B48
                                                                                                                                                                                                        SHA-512:4240D8A5E5B0A63C63D7E867F5D7C9238159FEF063C190FFC3B7E2CA517BECB6AF40ACC2B67217301F33070BD982860B47C2D776CB6C1A636A9E73978F490A2E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...........e.'2e.'2F.t........I....O^partitionKey=%28https%2Cfacebook.com%29,:https://www.facebook.com/video.....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\doomed\23573 (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):129
                                                                                                                                                                                                        Entropy (8bit):4.863260078321421
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:gClhB6H8u/gWuBMqEcldnXDLwrRzJKVJ3uDLjOKf6T0tn:gClhB0x8iclpDLwnw+TOKLtn
                                                                                                                                                                                                        MD5:E2D8FF9C7BB213F351C4C9BE40AAEA14
                                                                                                                                                                                                        SHA1:D4A79CC3C1B59409DC562FAB9A2BF895FD959BFA
                                                                                                                                                                                                        SHA-256:D027F0D53DCB128ACB59A91455CD9669468B9B00B719E56F19532D8062EB27FF
                                                                                                                                                                                                        SHA-512:FB7A38179EAF61AC4D5ECCC2B8543269A82C9993268E3535AFA47D829E9B660DAF63E1D9A90EEEBD940AFCAF6EF3BDEC78304AB9F20B2BE1772D752E71A87143
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..2T........e.'2e.'2F.t........E....O^partitionKey=%28https%2Cgoogle.com%29,:https://accounts.google.com/.necko:classified.1.....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\doomed\26255 (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):35420
                                                                                                                                                                                                        Entropy (8bit):5.08636672292605
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:bPtFYceo3KtwnY9nR+eXHxoZ/HJkNTBdHOT5Qhh7veKnt9KZZ:5eo3KtwnY9nR+eXHcHJk/dHOTij75gZ
                                                                                                                                                                                                        MD5:5D74BAF625E4AE7B8C53BC82F5D2D378
                                                                                                                                                                                                        SHA1:7E17E8040F9D5DD5A308002E24F6C41A670DAE3D
                                                                                                                                                                                                        SHA-256:568E106B5108CE624CACE661EBD9CD747EE8B2C679CFFB83809064CC53B88C30
                                                                                                                                                                                                        SHA-512:471D42FDA52B1B6A15B737592BDE85E00C4607E3205670FECD6F73708DB498F26E21629B8B093FE0A204FEB8717F0450981290CF49EF5D0C1B37218B5C2CE5B5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<!doctype html>.<html>. <head>. <meta charset="utf-8">. <meta http-equiv="Content-Security-Policy" content="default-src 'none'; object-src 'none'; script-src resource: chrome:; connect-src https:; img-src https: data: blob: chrome:; style-src 'unsafe-inline';">. <meta name="color-scheme" content="light dark">. <title data-l10n-id="newtab-page-title"></title>. <link rel="icon" type="image/png" href="chrome://branding/content/icon32.png"/>. <link rel="localization" href="branding/brand.ftl" />. <link rel="localization" href="toolkit/branding/brandings.ftl" />. <link rel="localization" href="browser/newtab/newtab.ftl" />. <link rel="stylesheet" href="chrome://browser/content/contentSearchUI.css" />. <link rel="stylesheet" href="chrome://activity-stream/content/css/activity-stream.css" />. </head>. Cached: Wed, 21 Feb 2024 16:39:45 GMT -->. <body class="activity-stream">. <div id="header-asrouter-container" role="presentation"></div>. <div id="r

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\doomed\31108 (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8559
                                                                                                                                                                                                        Entropy (8bit):6.086701625523207
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:QTuVgaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdCPdCm:QTuGhJvjaanFhu7oiTaIda6T
                                                                                                                                                                                                        MD5:99B673EA92F05896D3B6F504F27DC381
                                                                                                                                                                                                        SHA1:9C74EB8EE48F0805BAD0528124CFC6BBA6913447
                                                                                                                                                                                                        SHA-256:D9FD304241FC3B7FB8572588B9965A16C13566DD3C2E7E5F76B615AB6EC97E0A
                                                                                                                                                                                                        SHA-512:A51F471F459FA662C983F60F862ED3F1F90AF86697BE9D30E3F4F79623DAB78DD311E7E81FABCB29666B08B50FFF48574081566AF510005C094BCD35DE96B95D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"project_name":"Remote Settings PROD","project_version":"18.0.0","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"explicit_permissions":false,"batch_max_requests":25,"readonly":true},"capabilities":{"changes":{"description":"Track modifications of records in Kinto and store the collection timestamps into a specific bucket and collection.","url":"http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changes","version":"32.0.3","collections":["/buckets/blocklists","/buckets/blocklists-preview","/buckets/main","/buckets/main-preview","/buckets/security-state","/buckets/security-state-preview"]},"attachments":{"description":"Add file attachments to records","url":"https://github.com/Kinto/kinto-attachment/","version":"6.4.0","base_url":"https://firefox-settings-attachments.cdn.mozilla.net/"}}}ZN..|5............e.'`F.t e.'`...2....:https://firefox.settin

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\doomed\5596 (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8559
                                                                                                                                                                                                        Entropy (8bit):6.086701625523207
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:QTuVgaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdCPdCm:QTuGhJvjaanFhu7oiTaIda6T
                                                                                                                                                                                                        MD5:99B673EA92F05896D3B6F504F27DC381
                                                                                                                                                                                                        SHA1:9C74EB8EE48F0805BAD0528124CFC6BBA6913447
                                                                                                                                                                                                        SHA-256:D9FD304241FC3B7FB8572588B9965A16C13566DD3C2E7E5F76B615AB6EC97E0A
                                                                                                                                                                                                        SHA-512:A51F471F459FA662C983F60F862ED3F1F90AF86697BE9D30E3F4F79623DAB78DD311E7E81FABCB29666B08B50FFF48574081566AF510005C094BCD35DE96B95D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"project_name":"Remote Settings PROD","project_version":"18.0.0","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"explicit_permissions":false,"batch_max_requests":25,"readonly":true},"capabilities":{"changes":{"description":"Track modifications of records in Kinto and store the collection timestamps into a specific bucket and collection.","url":"http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changes","version":"32.0.3","collections":["/buckets/blocklists","/buckets/blocklists-preview","/buckets/main","/buckets/main-preview","/buckets/security-state","/buckets/security-state-preview"]},"attachments":{"description":"Add file attachments to records","url":"https://github.com/Kinto/kinto-attachment/","version":"6.4.0","base_url":"https://firefox-settings-attachments.cdn.mozilla.net/"}}}ZN..|5............e.'`F.t e.'`...2....:https://firefox.settin

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\02F6463DFBFAC08B94C9FDAACB7AA66D176E53B7

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):21815
                                                                                                                                                                                                        Entropy (8bit):5.760856204975487
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:DGhqb4AexlNlP3me3mZ9hJvjaanFhu7oiTaIda0p:DGhqbNeVlP2e2Z9H2qhu7oWa83
                                                                                                                                                                                                        MD5:4C8313F58B0382CD7424603D0D250606
                                                                                                                                                                                                        SHA1:2726EA38999192C62E77C67A7D2E72B89697228D
                                                                                                                                                                                                        SHA-256:A555A0D1C99E2CB44F2B69AD91E577C05854363443817249151F3DD72549A7C2
                                                                                                                                                                                                        SHA-512:E3BE980DB9CA7725494BE71CDC4D327002B11CAAEBB6A8ED9140C75E9C9AF6678F1A9127E3E861F0D28CDF597C0552623C219A4AA609B7639CF926D63A13A144
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"sort":"-last_modified","schema":{"type":"object","required":["webExtension"],"properties":{"params":{"$ref":"#/definitions/params"},"default":{"$ref":"#/definitions/default"},"appliesTo":{"type":"array","items":{"$ref":"#/definitions/appliesToSection"},"title":"Applies To","description":"This section defines the region/locales/application information for where a search engine is available, and any specifics for that region/locale/application. If there are no entries in the list, it is considered to be included everywhere"},"orderHint":{"$ref":"#/definitions/orderHint"},"extraParams":{"$ref":"#/definitions/extraParams"},"telemetryId":{"type":"string","title":"Telemetry Id","description":"The telemetry Id as used for some of SEARCH_COUNTS telemetry."},"regionParams":{"$ref":"#/definitions/regionParams"},"webExtension":{"$ref":"#/definitions/webExtension"},"defaultPrivate":{"$ref":"#/definitions/defaultPrivate"},"sendAttributionRequest":{"$ref":"#/definitions/sendAttribution

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\0EA2E1AC3653A248EDE38E975FF2A4ADDA308244

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):492272
                                                                                                                                                                                                        Entropy (8bit):7.997759253694413
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:12288:u8fhrUPE5+8TK1g9M6y5JJtuiA50eHgB2rAnavTQC:fZrUPE5I1g9M6yyZ0AgYra4Z
                                                                                                                                                                                                        MD5:D12E666C6F17D7643030971B8A33A4A9
                                                                                                                                                                                                        SHA1:B57A17BD0858CD888364832A45AE61A5D0D0302D
                                                                                                                                                                                                        SHA-256:955B149B8E5F156022F9C7082E8A3AD5461E732F44339EF815667E8DFCB76179
                                                                                                                                                                                                        SHA-512:2FD5712FA1B0ECF2E4219FC66788FEA4AE6963ACE075D6C9023ACADC3CAE21A90821D65374CC88B298B25E5A797582CEFA537BE79615C61E0C96F117220D31D9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:PK...........V...,.}..........gmpopenh264.dll..|.U.8.I.....`....&l.Vpm.5Sf.N.(.."..YXY.%....V:;.......>....u.-...U....(.E.?*.ES.R..?...{'i...]}.}>._?Mr.....s.3s'....Ng.O0..m..?...z..4~{...w...H.\3{....U?*Y..K..+W.-K......,_i.g.k....NJLL.j0F..y..[?}1..........'.G^.#..^.C..{1.~..>.i..=............>}i.......h..h..t..O..^>w..PY.n.e.>...%Q.3....&H.d9....tqZ..pg3....G@u!.........[.4h....E.w.Y...~_1.^.#!f.+,.au......,._..:&...{N..1..~p..~?..DJ..T.".,.vR....u..P........8D;.,.BOp..........D..'...q*..l...;..6$.........9&.<.bU....dExynP..KK.........7~M.X....?.-Q..*.....zs......>..\...bv...y...s..+zN.Kr.(. .Ee.QRco.8..8.~..o..D.OT.5......O.gC.F.3..E......('..>......2Eu.5]l.t}.`...:j.....IW.u...J.....H.m.R.Tz.....O...*..Q...9..j.c.Uc...U8gD..q.^.3..|..Q.g[..Q6Q.q.....GBg..F[.\...D.C.?:1.}.../.t ..`.....}..........@...8c.G.....o. .......TyK.....sS.S..a.a..LR.0.k,.</;"...L.!WDp.M....8r..S..kq..o.0.m.-..,Z.[...>.G....P~.|.7TR...Ug.7.j......8Q>-.u..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\15F320D20636A4D0A5481D2EF54EE0B2900C6A1A

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20662
                                                                                                                                                                                                        Entropy (8bit):5.803308058882935
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:pRLD5B9hAWv7+swwhJvjaanFhu7oiTaIda2C:pdD5B3LvyZwH2qhu7oWa8e
                                                                                                                                                                                                        MD5:049899BD7744CEFB94D53F951AFECD98
                                                                                                                                                                                                        SHA1:6DBD822A33EBA68E2B22B845173F01D5FE938275
                                                                                                                                                                                                        SHA-256:EE5D1BE2EF1A0E5D6C91ECED7B192E7113C5D6365EC8D6B3889A8273976CD186
                                                                                                                                                                                                        SHA-512:32BC7D9823C0AA418B1538E8FD999E67165DFFA30C8091B492C8E00BA2CD9B23B2341C8A0E57A305889B28A59C41FCD8A0B2329ACE247DC828B49657E1E98F1E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"schema":{"type":"object","properties":{"id":{"type":"string","title":"Id","description":"A string that will be used to identify a browser (e.g. chrome, firefox_android, \u2026), not tied to a specific name"},"name":{"type":"string","title":"Name","description":"The name of the browser (e.g. Chrome, Firefox for Android, \u2026)"},"status":{"type":"string","title":"Status","description":"Extra information on the version (e.g. current, nightly, esr, \u2026)"},"version":{"type":"string","title":"Version","description":"The version of the browser (e.g. 99, 15.1, \u2026)"}}},"signature":{"ref":"3gx3xzg5klhufc0jzz1s3v0sf","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-04-09-14-36-39.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"BL80tzj7f4km9Rfn8Dl4JzGx4un44CU0V-XuIM2bMIT9V1iQQ2ln5GSXOz5Fj4TtoKjmLDBH8pHu2T8kgC5HBjhpRKjYvX3NBbhcOA_wS9RrVAcZsGt7rkDuI3lFDSWL","signer_id":"remote-settings","public_key

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\17F7FA5902695666B1032F123090624C34C1744F

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.0413267241076
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:mCyMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEck/LUi:TJvkmV2GnShxN4su3pztscNbZovEpkA
                                                                                                                                                                                                        MD5:4CEA0BF19DF258E47A61E3C473113644
                                                                                                                                                                                                        SHA1:AADC91DD6F02CA5B05E14482ADD79F1BA5B0B29A
                                                                                                                                                                                                        SHA-256:F26CC40A70E36A7CD9413EAC4023B60E9C4E36743212EBB3239973FDAA488EF7
                                                                                                                                                                                                        SHA-512:6AB28BF22A48028B79C29EF8979E3327DA27F629EB2FD3384771A3B9725EBDDBDBE48E1B74C565546C09A32E5358B2AFE53DA09DDD20503666AD6924C9A20B10
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..F.........e.'ae.'bF.t e.'b........a,~1708533547,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/e6e57dc0-d354-4d4a-8374-548b8e2bcc5d.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\1C966F8B6A1A3C0146D94C40C03E026249740FE5

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.043193632521523
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:TmMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckKLUcy:3JvkmV2GnShxN4su3pztscNbZovEp/h
                                                                                                                                                                                                        MD5:341427A403A11502139F718F364A0FF5
                                                                                                                                                                                                        SHA1:4C6448D81158A56B12B3A7639AA4A041C057EC4B
                                                                                                                                                                                                        SHA-256:9348BB88E027A3C99CBB39E3D0EB5BA06A3D2A24FD479C4B841EC1A7C9CDFA4E
                                                                                                                                                                                                        SHA-512:D01AC8AA3BEFB0D53C90F56B0B9F075D04D7BB1A721D2133ACCA5E41EC1A8CE43215640352C8A3D777E36F6A9097777225468CE54112BA4F8271100A1FEA89A7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:=..........e.'`e.'aF.t e.'a........a,~1708533545,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/3b7fc3d4-90d3-48a3-834f-e61d315e9a5c.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\24A11EAB428A78C052A460208C1BD1FA1FDD588F

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.044364718518317
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:Vb7MjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckyLU/:yJvkmV2GnShxN4su3pztscNbZovEpnp
                                                                                                                                                                                                        MD5:64EA4AF5AC3EB3857306B63221560AB1
                                                                                                                                                                                                        SHA1:E0C30FBF73C757F7AF704C3BA969C8C81DDED744
                                                                                                                                                                                                        SHA-256:2583AC0D0240711D5672C78978131021F598E91600E43DF70B8BA8A0D88FA04E
                                                                                                                                                                                                        SHA-512:36126EB5FB9544727FCEA2BBA7E7C860882A8D5E3CC10B768CBF8D46B83A81C5D986C5B61D878C0B41C1A1BE2EB0A1BC46CCC8452CC0E93E1CAFE5F2931B745E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:?J..........e.'.e.'.F.tDe.'.........a,~1708533562,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/2b167346-5f76-4c00-8f97-19cee0df0fba.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8402
                                                                                                                                                                                                        Entropy (8bit):6.089740708978633
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:vAgaQJvjmVPnZQAaF+y/GO6oifbaI8j3qOcdBfGdB+:vxhJvjaa5Fhu7oiTaIdLBCB+
                                                                                                                                                                                                        MD5:75A4D57BE626A73CC4881A51D3473C0C
                                                                                                                                                                                                        SHA1:FA16FB92E9F9F55D6F8ADBF23D5B9A996CFDE2C3
                                                                                                                                                                                                        SHA-256:45FD3EFA42B5C9272A4E98BED2BEE2250125B89E2563D5B54C71A7F872B13299
                                                                                                                                                                                                        SHA-512:AA44686B099B1639292D4FBA2DBE375EDB7E40052CFB87841E52A4FEB90044EAF140D412F12186416C9482E55B3767AFF526988C1C460A93C0D1897BB871D260
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"permissions":{},"data":{"attachment":{"hash":"0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0","size":7581,"filename":"asrouter.ftl","location":"main-workspace/ms-language-packs/4f1bcaa0-ddf9-43ef-aca3-8378c4d05582.ftl","mimetype":"application/octet-stream"},"id":"cfr-v1-en-US","last_modified":1648230346554}}..Z...........e.'Pe.'QF.^.e.'Q...q....:https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAXxMIIF7TCCA9WgAwIBAgISBFpDlXSABCsegqMcb4clNVchMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEqMCgGA1UECgwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMSowKAYDVQQDDCFUaGUgVW5pdmVyc2UgU2VjdXJpdHkgQ29tcGFueSBMdGQwHhcNMjQwMjIwMTUyNTI5WhcNMjUwMjE5MTUyNTI5WjAmMSQwIgYDVQQDExtyZW1vdGUtc2V0dGl

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\28E7A8E6B433E886A4210CBA89FA21AFECF96B94

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8044
                                                                                                                                                                                                        Entropy (8bit):6.041238833057024
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:dGzJvkmV2GnShxN4su3pztscNbZovEpjN:0zJvkaVSt4b3lAcj
                                                                                                                                                                                                        MD5:9288AC5E8960319EE44ECD2D9F52B8CB
                                                                                                                                                                                                        SHA1:09F2FAE74AED7A6A4F36D331AE41E033990F2FD8
                                                                                                                                                                                                        SHA-256:D3966C3B4CD7D569F4949D7542125B3EB19596749CD8966B721E44F42BD2F507
                                                                                                                                                                                                        SHA-512:7B98C802F37A2702AE6B45D650979A28AC31C0FC7CB988755CF2D627BE2083D449A620F7823A2968C7AD6CF03B6B0F243BCAD706F77658CA5234A75BA78C71BF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:z..........e.'ee.'eF.t#e.'e...z....a,~1708533554,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/newtab/1/7917ce80-55b3-46ca-99c2-70537bbb959a.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1aga5kYNd65Z

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\2AADB24FD9C4365C39E81A6193B9DDA312715091

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8044
                                                                                                                                                                                                        Entropy (8bit):6.0403139995272435
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:vC3JvkmV2GnShxN4su3pztscNbZovEpjN:vC3JvkaVSt4b3lAcj
                                                                                                                                                                                                        MD5:839892A22F0EC597D1F3A8833773536D
                                                                                                                                                                                                        SHA1:497E25E8B09DAB655D717B126312C9CA0D3C1542
                                                                                                                                                                                                        SHA-256:96274C9115E15F7C87AD5174DBC9262BD44DFDC6C32028E0F96E57FAF8F58814
                                                                                                                                                                                                        SHA-512:241C4F90BFCDFC9330AB3C9C35444C791AE89F172B02D52469A2A84E48D1BF06674D6B84F0B67FADF6E8FAD254FCAB11C292A9BD5E4048669F58EF95DECD1B2A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:p`I.........e.'de.'eF.t"e.'e...z....a,~1708533553,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/newtab/1/372e391e-787d-40e8-8beb-44106d6c22f4.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1aga5kYNd65Z

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\2AE1B73416F575D1AC043D10D9DC0983E5DB7B0A

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:gzip compressed data, original size modulo 2^32 3642754048
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):286734
                                                                                                                                                                                                        Entropy (8bit):7.991470360252982
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:6144:yEFlXQh/9+k8qPkLJWpwwtZCZrjU2Ez+sxlz8rV+UqJ4XHsSb:yclAh/syk9WyfLYz85H3si
                                                                                                                                                                                                        MD5:5515C06B560F57A211CA0DCC274D9BF2
                                                                                                                                                                                                        SHA1:61B734CE5A36D5D84EBFB472769BF6119667AF08
                                                                                                                                                                                                        SHA-256:3FD55F450E7990491C40D79E8F1E3864169F4B11BE52D560C733D6CAC4986FCF
                                                                                                                                                                                                        SHA-512:36DDFA6071E82BFEA7A8F7770CC86F0BFE3CB8CE2CB36521D46E2670DD1599B6D45A1D8C6C54F527AC3B4DE83CB25F6DEDB479F169D8A8EECF673BE007D35890
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...........Z.n.:.~.h.*..vD...o..\....d...M~...#.C..B....R...o-......$2WR..e.Fqv..\&o..%FAB0...-S.P.\...<.z .p..(a.7"N@X..?....z.!T,y...,...H.),.[..1..x.E.t...Z..K.H..Y.q]XH.........'..ez.u.l..ox.W...h...aC9.).).....nO. ...9....9.KH.......V.eG.j.S.......?..@VWZV.a.g.G.9..........E)b!...V..N..cKy....:a..+.K.O.H.u.....^_.t5.D.@;......f.by0.[.h..Om @....f.9...O.<x.S.o.....8Ge.....0...;...[LS..o...W...-..X...{..(..9..8....JC....wB..f..h....s.G......C...D...[.S..p~....U..NP..b.....!Z.t..(.K.e....G.Q...].7!..S.}/u.K...=.....~.z<.."....-..w....!..........f;..;.@F.RL..d...u1.i...'.;w#...y.`Pl8...S.FrL...TV..c|Ri-\bTM.r..."..%.X.D...........KP....z{.E.Z.1.wH.L.........R.eQ..X......\K+..../....i.0..V....b.KCN..B.....!O...^.h...$x.K..W..$X.$.....r.......|c.(.9..u...1.>..$.K.B..9.@.!.D1.D._..Q..}y*.z.r.'$.(i.......:...jv.&. T...D'5...`t....0...u..A2..{....../i.v...M.....O..D...p.=..l.Mk.........I..^..<....Q aJ..).d...2.r.....HI].D................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\2C3960FBFCFD74D25CEDFE21C22F2F957B98AC19

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):29373
                                                                                                                                                                                                        Entropy (8bit):7.449847094036896
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:QBvdHyn6DVVMpVEHVQHM2Ni9aHJnZNCKi7VqN4mApqN3Xo70tNo+pwPm082nyFz8:wW6vMkHHQ7NB/ApQHkKo+pwPo2L
                                                                                                                                                                                                        MD5:1581CC433CE3BBC96FC59EF1CDCD49A0
                                                                                                                                                                                                        SHA1:3B10586A2917174A855236A30D7CEA60A90AA007
                                                                                                                                                                                                        SHA-256:D3FEB53F78F2106B5D0E6C24BCD74F1A0A0DAF0A5D75F7B52E78AE88E953FA5F
                                                                                                                                                                                                        SHA-512:A19376C464DA200A71044D8D6CA0AB83C20F595D347D59E8450A28DF1DA9793ACB4557B2CFEECF011E383E4B6D4EC794D12E956720CB68B3DE91C2F3785627E5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:. .$...C."d.........`o.f'....56..KKl..N#....@..&x...j5!@..Adl.RZk...{.{....?....*...HJ].RcH....A......6...4N.u...%u.z.m........D..1..ts..Y.a.Hz..jU>..7TY.!.....-f..q;`V..UCS|..U.y..3M.=.%..+.1..DQ>&Q..8.%.2..:.h..rS...cxf..=".k?.]....4.?.h..v^(&.o[~.!qe......A......d.......!.@.`...'..3.i/...wF....r)......R~...R.e....!....Pj.3.....Ji.K.+.k.._....m...mZ%...|.`.....z....L^K......`o....q.....b.-n..n.d.]..4..{J.|0...@._@...|>2q.._.kG6.\.2.6!9)..=;$#.ae.qK....^.Nq..>g..2...q...O+.,......QE_..(......In....?...`..u.y..v..[._kZ.....e..T1.B@$~..G..0.\.*..m...m."E.{.v.~.e..f....^.4..\~..3W..z...w.mV..,l.o.....^aW......{7...z6..}j..}..-C.....9S.....:...o..u..Cn..?\.j.]../..........p.l....~...o./AKSm..B.-b...}<..<..M_f..QIx...d.c....x]2...+&..a.a.n.....n%..).Qs..qr....R.Q. jL2.i.I.8"!4.w.4EG..}.."0..NJ.8..W..QTq....U...9..:..B...H.......Uk....~.c.X....Af.tT...V.".yC..4..vv.9..S..p.(&O.....)...[6o.w..OG.'...`r.|...o.`...x..jW.*.L... _..W...B.{.e.u!..$.v?.w.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\2CB84DD9ABB4E1485D83397C59B193094E1ABFC7

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8635
                                                                                                                                                                                                        Entropy (8bit):6.096838468746031
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:tB0gaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdNt0dNt9:VhJvjaanFhu7oiTaIda4Z
                                                                                                                                                                                                        MD5:27F9B4E257C7E0FA0E68A0120CE03C94
                                                                                                                                                                                                        SHA1:ED900E12B0107DF7A4CD7AAE8B20272BC5F91665
                                                                                                                                                                                                        SHA-256:4809DF01F5944E962A6B2B32C5B81E132D50DFBCFC1C449080CF8EA808D45986
                                                                                                                                                                                                        SHA-512:E2CAF64E3B7D323DBECB8FFBA55921BA039FE392830BB32480E3D0EF0EEDEED6B2E1B88865B0BF7E6804A15B8ED9F32F8F25F52364CAA63EDB8D505A2DFCE0F2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"permissions":{},"data":{"signature":{"ref":"2psk5b2oconbi3m19imz2ereev","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"wBtboJXLXuNJYNue-nNcrEcwQJGIvJDIHomMWUoWe20ah9yCh8UO0nDf0QViuq9Mx6IcBAF7lX7mi_LR2vfXUrprXD-VKFKRSMGGTReFzTRTzvxy-T6tqqfxRca1pC3Y","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"displayFields":["token"],"id":"anti-tracking-url-decoration","last_modified":1708041623382}}.p_NI........e.'.e.'.F.tJe.'.........:https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/anti-tracking-url-decoration?_expected=1564511755134.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\30F34EAA36BFA2091C6F178ED9BFE29C547FB4F6

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9027
                                                                                                                                                                                                        Entropy (8bit):6.109721047186143
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:xBJgaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdXldX1:mhJvjaanFhu7oiTaIda3F
                                                                                                                                                                                                        MD5:176D87C43996EB2DCF082FCFCF4F2B9E
                                                                                                                                                                                                        SHA1:0864FDBAD0E4A9762FD38754DC6B3D150B35EEAE
                                                                                                                                                                                                        SHA-256:FE965CBF2D78E15C60D10AE1CFD4A10C068E7DB032B753C782A31257C812B492
                                                                                                                                                                                                        SHA-512:53D28BAC7B53F410616355ED1F8E5780387F1B4CC6FD52A95D7B21D8B68746E90D7B33D045E74785DA44D0BABEF7B0DBB022E97EC7DBD45200A2BEB75338FD88
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"permissions":{},"data":{"sort":"id","schema":{"type":"object","title":"Language dictionaries","required":["id","dictionaries"],"properties":{"id":{"type":"string","title":"Language","description":"Identifier (eg. \"es-AR\")."},"dictionaries":{"type":"array","items":{"type":"string","minLength":1},"title":"Dictionaries","minItems":1,"description":"List of dictionaries identifiers (eg. \"es-AR@dictionaries.addons.mozilla.org\").","uniqueItems":true}}},"signature":{"ref":"oyfuwv3n2mveofpa74z6l5ap","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"-ZLHHEcEvoCb6Hva40WWIVJIMPCXKBcA8iaLGdii80Fjb4Zt9UMqMUPqEGvjiwHyWcAvwqJyCWpxMRZ1cYFJ7BFupUFBh2bLxnwBsWgLL8OhfbIrJoEzR8xBaFfwJeHs","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDV

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\36E02E1B33269032456E45CE237E27B659E1E282

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8696
                                                                                                                                                                                                        Entropy (8bit):6.108464979541048
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:zjBH8OgaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdRudRE:zp8nhJvjaanFhu7oiTaIda46
                                                                                                                                                                                                        MD5:6A3071968A316554F5166467B155AAE8
                                                                                                                                                                                                        SHA1:6C3EF2B84BF651B6E2D337D7D277DA2708B23C7A
                                                                                                                                                                                                        SHA-256:29D641D4C3FD8B8BE8E3B2F90B9F41C9A7A4FE38790488F0588D4293887A1458
                                                                                                                                                                                                        SHA-512:F4EDAFB6D11B79283AD85BB39156BB0DE0D75A233B2C3D89E817E3C90130A9461658CE3C5C35933E2657F681B498F212C73D06C8A8EEBE6B6FE5839790A80570
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"signature":{"ref":"3lu779a5jx1gi3fksd323olu5j","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"ZomKvj-vHQQ2kqflTjhYi3ZWkb0lC8LxTcNqzC-pm8xxcf5Oek4Eh5oaHWwOYeJLxGA79U55G2UeYXSxzIKdkN8DlKe0SMf_NXRWOWt_SlgC9N82q27QxCyWwTnpojJ6","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"id":"message-groups","last_modified":1708300804911},"timestamp":1697058525985,"changes":[{"type":"remote-settings","enabled":true,"frequency":{"custom":[{"cap":1,"period":15778476000}]},"userPreferences":["messaging-system.askForFeedback"],"id":"micro-surveys","last_modified":1697058525985}]}....m.........e.'.e.'.F.tGe.'.........:https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/mes

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\3745512DF8858AE920AB00BB6CB35CC364E6F4EE

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):17434
                                                                                                                                                                                                        Entropy (8bit):6.427513494427429
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Te27VqN4mApqN3Xo70tNo+pwPm082nyFz/LQr:yApQHkKo+pwPo2T
                                                                                                                                                                                                        MD5:F4DE5A1813F122D730FCCD8F7C2521AB
                                                                                                                                                                                                        SHA1:6E232F2C50E9135A6AC58192DA0DA72B9BD24B76
                                                                                                                                                                                                        SHA-256:47C985C040AE35A5FC325440C75995364AD87151D5086F908451FAE6B4D668E0
                                                                                                                                                                                                        SHA-512:9003929F919E7BC016916B17A5EFC2C219AABC414C7488CE89F8B3B34EA4B0B26AB20B60EACE0A1FE12FFCE4B892CA87EA2EBD8C7241C68D3B87F3043A723CE3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.0.. ...s9...Ie..].&..y+..8..Y...(..'..w.O..wU....R..I.@3..7.{%rx<.C.u.Q..c.6o..X.3%.K..U.1....IP..Y.~.fW...V....Oe....YX.u.x..(.H....SY...u..mv.."./..d..(..lT.J....K..j...:L"..C.N.M`.=(`..=+..@....!0.g...*.....H...u.^.K...P.._.XYk.)......>Mb.miv.+...<...e.#.1.^.....W..1...H.W`.u......0.mR8J.x.+...w...0(.S...../.N.G...7m.[....`.&.-.*0.Bwe;.6`.(.H.?.J.,..qt&..Z...;. a...e".q.f....`...!.F.<..$C7tY.d)..M.?.h.s..4._....C.....`.){..3.....w.3.....a...-n..u.CY'....3.(J......[.q..r<..Y...l.k[:.........s..1.>'.E7..z)..N$..k.=.tE.6.i..Ez...N..eY....c..../|.C.%...s... ....R...o.4.o.Rp.".zd./gz].l.........u...A..&....8j-......|p.U...b~.y6.{o...8.E..v..O8.?...n..h.v.w.c.9j."...k........MW.cnnM...M..5a.u.....*.... !...,..=..aD h..Ms....[.<.M....uD...3...pR..y.=^........Q......t.[KA....x..|.........Q{.wNn..............9..U....!{[.G.Y1.....Z..)u.i0U.7y..6.W.'.....?.....$.....1....V..D.E..Ia,$..P..PP.F..O.,X.=..0.G._..-........o.sn..SI.....t.y....c....Vp......

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\38D17D67A17BB84F8176B46D2DC386028E7AF7E9

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.045396130146338
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:WhMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckBLUcV:WiJvkmV2GnShxN4su3pztscNbZovEpuK
                                                                                                                                                                                                        MD5:2872DE6430CF42BECB7882A9D2AE389D
                                                                                                                                                                                                        SHA1:83303A9AE716A5CC1A16E004C3E0B5D4BEDBC365
                                                                                                                                                                                                        SHA-256:480DBFECBA4C95477A46C9C064E7AC992D243A87B749BB9DE628BFC88D630B69
                                                                                                                                                                                                        SHA-512:EBF72013B50E28D624C051F8F20BF624886BC0A0255967BF8967FE1CB5F1AE2AA1861F7825DCEF18D5A8421E81863492650E98AFE4BAC3F5B4DB03C4D1D14DEB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:............e.'.e.'.F.tFe.'.........a,~1708533567,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/8b9e6c29-c82f-4f95-ae4b-309ad7e58d80.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\39D80535A21E286B3C662765C5F09ACEB927E77D

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8593
                                                                                                                                                                                                        Entropy (8bit):6.098137100717173
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:BSB+egaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdovsTdovsK:BdhJvjaanFhu7oiTaIdapi
                                                                                                                                                                                                        MD5:FAA4660EA007AAA0371E7C48F59CD461
                                                                                                                                                                                                        SHA1:AE0F5B3C514814B28E69F006172BF4B45438554B
                                                                                                                                                                                                        SHA-256:D7905C90B56944DCB805F97BF4B59EF50F1B16B83B40EB6BAB8417BFBB8AF00F
                                                                                                                                                                                                        SHA-512:41B37E7896D07018FDDA5D41C8BFC6CC92A860D07ED4ED7CE6D5C5DC3CF32D5C58DD57B93913819E0E8B575CFF8D076A88D9142565B9F7CA3B4CAA1AD808C11A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"permissions":{},"data":{"signature":{"ref":"uk54naxl030tsgxcuwhps8se","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"JZraJ9ASi0XXQY8x_A-U3RGk9BC0fUY6kr4YcdGpe1mHIz_wrYRVifKxGdM6W9iIfcDvKpLfzleukXlrJayzhQTTOpxeheZkw7l-S_qHXVcp3o2wClnoPd9XorGQ3bbx","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"id":"sites-classification","last_modified":1708041624154}}.............e.'.e.'.F.tIe.'....w....:https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/sites-classification?_expected=1544035467383.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAXxMI

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\3AD2553033F2FDF3452381EC30CB5BE655BDD9BA

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):19598
                                                                                                                                                                                                        Entropy (8bit):5.888021893136719
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:qQbwapzh6fBPSgVzZFQIhJvjaanFhu7oiTaIdaSG:qQbwapzAfBPSg5nQIH2qhu7oWa8i
                                                                                                                                                                                                        MD5:1C2A5121635D95F8909878C97ED6170D
                                                                                                                                                                                                        SHA1:8AA58D5AE07F4FD2EE7DF424F9FEC6CC27155951
                                                                                                                                                                                                        SHA-256:B6AD1A6E8FF7044EC17A65FF85D06B8BD9749D8B6399CA3554C439EDFD4B8F57
                                                                                                                                                                                                        SHA-512:BF867652AC7BEF39509612A8108EEA4B08AA9CD67FA7B6A383ADAABCFB56647E72C76CB598FCEF0ACE47AF750B513CACA3B28F80BDD5D7AAB14C15675DEE2FF4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"sort":"-last_modified","schema":{"type":"object","required":["telemetryId","searchPageRegexp","queryParamName"],"properties":{"taggedCodes":{"type":"array","items":{"type":"string","pattern":"^[a-zA-Z0-9-._]*$"},"title":"Partner Codes","description":"An array of partner codes to match against the parameters in the url. Matching these codes will report the SERP as tagged."},"telemetryId":{"type":"string","title":"Telemetry Id","pattern":"^[a-z0-9-._]*$","description":"The telemetry identifier for the provider."},"organicCodes":{"type":"array","items":{"type":"string","pattern":"^[a-zA-Z0-9-._]*$"},"title":"Organic Codes","description":"An array of partner codes to match against the parameters in the url. Matching these codes will report the SERP as organic."},"codeParamName":{"type":"string","title":"Partner Code Parameter Name","description":"The name of the query parameter for the partner code."},"queryParamName":{"type":"string","title":"Search Query Parameter Name","d

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\3D738F47CFFED8D6BAEA1251409167E90988B9ED

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:PEM certificate
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12950
                                                                                                                                                                                                        Entropy (8bit):6.042613076227249
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:H/UXu9fiGLm4pUZcncPLcncPUtL/5b85bs:fU+Bi8mCUZcn+cn3H
                                                                                                                                                                                                        MD5:4EB0D9A407A106C34F9FE1232B60E9D3
                                                                                                                                                                                                        SHA1:613FE5FA24AEB9C062E059DB57E11C3DA6D13482
                                                                                                                                                                                                        SHA-256:60872AE3DCCA28FF65F39D8E2565FC0B20A4AE47B9F8475A308C977FB704609E
                                                                                                                                                                                                        SHA-512:CB80A718B242A3D2A9450A0C714A1D42D394A23297C4D5BA90FDB4B56F4068027E7E4B8F09FBF4187FB46BF726DA3D5FBCC06FB92300A5316D1FA7C4C9E192F1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:-----BEGIN CERTIFICATE-----.MIIC6zCCAnGgAwIBAgIIF7VKXdRkQA0wCgYIKoZIzj0EAwMwgaMxCzAJBgNVBAYT.AlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3pp.bGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTFFMEMGA1UEAww8Q29u.dGVudCBTaWduaW5nIEludGVybWVkaWF0ZS9lbWFpbEFkZHJlc3M9Zm94c2VjQG1v.emlsbGEuY29tMB4XDTI0MDEyMDE0MzY0MFoXDTI0MDQwOTE0MzY0MFowgZ0xCzAJ.BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFp.biBWaWV3MRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMRcwFQYDVQQLEw5D.bG91ZCBTZXJ2aWNlczEqMCgGA1UEAxMhYXVzLmNvbnRlbnQtc2lnbmF0dXJlLm1v.emlsbGEub3JnMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEhDqYyZXmCDrvqwfYqf5i.mRLlkELylFrgvk2huv1NnTWW1Enjx3DNcWKjsvDj3fj80i7kDwh+kW20tT5klXzD.9CRHPEmcWKCWMlMPEI2CtAdQFzb/KlrNPUTboGdFqI2Uo3YwdDAOBgNVHQ8BAf8E.BAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwHwYDVR0jBBgwFoAUoB1KF0+Mwis1.RfFj8dpwcKfO+OEwLAYDVR0RBCUwI4IhYXVzLmNvbnRlbnQtc2lnbmF0dXJlLm1v.emlsbGEub3JnMAoGCCqGSM49BAMDA2gAMGUCMFfPsr/HoirLhX6U0iA5kD8RRDfM.OmujRg3ILEcuDd/d6adlUrUK5h4+IHR9TgoeSAIxAPfJwg1TyGrR4MMh9h7FJo

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\3DE122AF51E9C396743DA36D6F24FC9288BA6D86

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10991
                                                                                                                                                                                                        Entropy (8bit):6.082237279733654
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:38YPmO+FaPYep0Bz+gaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdAjzdAjm:MYAlhJvjaanFhu7oiTaIdaEh
                                                                                                                                                                                                        MD5:76C33A1BFEBC8FC6671D60B13779EA22
                                                                                                                                                                                                        SHA1:88B3DCDC8537868328B73028419E05B9869AE451
                                                                                                                                                                                                        SHA-256:B625E945F84E41B03887A74F1B9B68974BD2E7A1EB63FE751F185458A72BF164
                                                                                                                                                                                                        SHA-512:7082096A1C6C7F029EA627E59630D0E69C6A93EC1BF0857E1AB66F642F9147F9DB49A42DCD29A655EA0D42FE41BC11C0D188F3F240440DFACFF4F954E10B1766
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"sort":"-last_modified","schema":{"type":"object","title":"The root schema","$schema":"http://json-schema.org/draft-07/schema","default":{},"examples":[{"id":"cloudflare-US","uri":"https://mozilla.cloudflare-dns.com/dns-query","UIName":"Cloudflare","autoDefault":true,"canonicalName":""}],"required":["id","uri"],"properties":{"id":{"$id":"#/properties/id","type":"string","title":"Provider ID","default":"","examples":["cloudflare-US"],"description":"A unique identifier for the provider, for referencing in regional config"},"uri":{"$id":"#/properties/url","type":"string","title":"Provider endpoint URI","default":"","examples":["https://mozilla.cloudflare-dns.com/dns-query"],"description":"Used directly as the provider's DoH endpoint URI"},"UIName":{"$id":"#/properties/UIName","type":"string","title":"UI Name","default":"","examples":["Cloudflare"],"description":"Provider name to display in UI. Provider will not be shown in UI if omitted"},"autoDefault":{"$id":"#/properties/au

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\3FA5BCF279D30840A35DE8A0D44B987834E940A5

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15967
                                                                                                                                                                                                        Entropy (8bit):6.070006811785699
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:W7VqN4mApqN3Xo70tNo+pwPm082nyFz/L3C:jApQHkKo+pwPo2V
                                                                                                                                                                                                        MD5:6BC6878D9725C115A2241BDA16DE88F5
                                                                                                                                                                                                        SHA1:EF9EAE8D17AA9B10DC754DAA5802135B77237B76
                                                                                                                                                                                                        SHA-256:5BEDFCBEFA3F6A63058E1D9A70E53C46ADEBE9FF00752309990A4A663B483C64
                                                                                                                                                                                                        SHA-512:D79AD5AFA71A09A097897CCD01B8E809019F4BDB19C583FD3EC4B9D22B8FB03791E6169C5C75C91FBFDCD9337A06C0683D326980174DAF38E175ED666D9C1592
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.... ..R%.\.%sv.....}...ht~..s..P..6].A...ro....-FY..-..N....(".....T.."..Y...m.b. = ...UU...:5.-.i>..gj....$.g#..]...........:K5a./f. .U.H..t....:..7.D...F....fAl'.}..e......q.8.9..X..r......;. .....F.*.A......n.Y......}..$0z....N.v.D.....N....x._r.........e.'.e.'.F.t\g..u...k....O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/s/desktop/87423d78/cssbin/www-onepick.css.necko:classified.1.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAA5iMIIOXjCCDUagAwIBAgIRAJKc339ZwIrpCZuMyXFusEowDQYJKoZIhvcNAQELBQAwRjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxEzARBgNVBAMTCkdUUyBDQSAxQzMwHhcNMjQwMTI5MDgwNDQ3WhcNMjQwNDIyMDgwNDQ2WjAXMRUwEwYDVQQDDAwqLmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASB6wVGdBTGrYTNLOgcSDG0+J3gPo8rFeHbl1W+ZIBjbbIlAbGtcHWlO5LiWvX/9Ra4EykTj2Z2HH1qM2RuWespo4IMPzCCDDswDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQ

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\3FA976C8E05396C08EBF36C42C502B7FB515F142

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):30984
                                                                                                                                                                                                        Entropy (8bit):7.487770611329887
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:RfIprxJuDyB/oeyQFd2SYxQUnoSV9dyzkRx+ow7VqN4mApqN3Xo70tNo+pwPm08f:RfIpPBf3Ohnoi3yI+6ApQHkKo+pwPo2Y
                                                                                                                                                                                                        MD5:35E3DF6E325B1E4A77D239B6C6F07B31
                                                                                                                                                                                                        SHA1:A61C6F50784644ADD6C3B17914C71DCB578354FA
                                                                                                                                                                                                        SHA-256:FA371F4282B7CD1A8DA741C8ECAA14FBD5992E21D9C27827434B06595C89F34B
                                                                                                                                                                                                        SHA-512:E8C88A9C49D51613D2C1855F07D32E9624342E1B5C4C7109801065F0ECFFEA14BDB53EACFD9D2785251E275C9B8C0CC168C80A53DA4DDC5CEB44551800E24469
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.h0......"0n.c...............!9.....Cz..i_...,...........e]6.rI9.)2>R)..d3).....R.W..4...... .........~3...`O0.+.<..9r...@.k.X9O.E.*..2..pU..VDB...C.JO..O......=....no..S....!..3...3.........Z{........a......._M.W.|....b....a.v.!M..Se.c..P.-09.0.].@.Y>.a.0O...K7uW..7.W...)1.....*.N....q..(...c...."..*..L1...u....Xl>Jm..~..as..|..v=.0.i-...1.....T...l:..OJ.)F...B.J..).=.y3.4a{....D.M.M.z6....^=?<.a....._/.WOO....g.....}xy...l..d...k~}x.....d. A.L.+..f.e..n.9..(un....M.%v...=g.n{.....L.Z^..^..._x........:.;..l.;.....r..[U.....iz.{[VV..+.E$u..TG....6Y....).....V.dUO<.A}7..CUk]-....%.R.H.R+..D.XYB=sU.'.}....S.....A{..9......{....p..,.k.......(w...,C.5Gm........c..,h.G8+.7X.VGs..MW.......V.X.r...8q8]b..)."Mf..T...,|oJiz.bk....n...G....`:....i....EZ(|.]...B...q........4..N..5.e.....1d.N9...>..>...!B.z.d.x..i.t.>....mkty.....Y...E.E...........?....,.B3...4Q.`..<.@eq...V.?/.a......i.o.i....w.u......m.E.{.m......m{.g.[\-.q./..Z.eF.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\463486665093FCEECBC388E5A3D0B71138B36702

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10349
                                                                                                                                                                                                        Entropy (8bit):6.078204790152289
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:KM/TKAoHB0gaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdknsZGdknsZP:KM/TMhJvjaanFhu7oiTaIdaJKJP
                                                                                                                                                                                                        MD5:484E2E71B75B33293978411625B24140
                                                                                                                                                                                                        SHA1:AF8922BDF76AF9DD4455E6BD3B8FA5537E34EA22
                                                                                                                                                                                                        SHA-256:27E0688629399E3435465FD1445D6F52CA34C8C91585F491848CF83357729F81
                                                                                                                                                                                                        SHA-512:D871DBA516DCD270BE412564E0F967B48068F27F620DBDC2E4EE0FAC030322E871B7B7EDA2A706289DC6099D28F44BF633C57AE6F41FF023E342A8E1666BD261
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"schema":{"type":"object","required":["id"],"properties":{"id":{"type":"string","default":"AddonManagerSettings","description":"The default id should NOT be changed, unless there is a specific need to create separate collection entries which target or exclude specific Firefox versions."},"filter_expression":{"type":"string","optional":true,"description":"This is NOT directly used by AMRemoteSettings, but has special functionality in Remote Settings.\nSee https://remote-settings.readthedocs.io/en/latest/target-filters.html#how"},"installTriggerDeprecation":{"$ref":"#/definitions/installTriggerDeprecation","optional":true}},"definitions":{"installTriggerDeprecation":{"type":"object","properties":{"extensions.InstallTrigger.enabled":{"type":"boolean","default":false,"description":"Show/Hide the InstallTrigger global completely (both the global and its methods will not be accessible anymore). IMPORTANT: The webcompat team should be consulted before turning this to false, becau

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\4646211641C31579B0E8CBE083ABD637BE890091

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8046
                                                                                                                                                                                                        Entropy (8bit):6.0426005369705456
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:ZMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckcLUcu7:aJvkmV2GnShxN4su3pztscNbZovEpR7
                                                                                                                                                                                                        MD5:90C33E20CC93ABA3B882024B9BC6F9FC
                                                                                                                                                                                                        SHA1:3DC60186C8C83D032C41A985532DC4F5389A6375
                                                                                                                                                                                                        SHA-256:E6D7C095DFF953A4477C7B903C8731D883D642E4C8F587BA563760CAD1A0D2E9
                                                                                                                                                                                                        SHA-512:FE7C71DB410A1C58B5373A5160692FD28ADF0420CF7281CAED2304997A9361E203BECF5D2AA725554D7038768F455C682621C173D144F85410D7EB46B9909C71
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..r.........e.'ce.'cF.t!e.'c...|....a,~1708533550,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/baseline/1/58b46d46-b146-420f-81af-5b32c19a8aef.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1aga5kYNd6

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:PEM certificate
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12989
                                                                                                                                                                                                        Entropy (8bit):6.0428229163608815
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:HcTp+ycN9O/kqz51CcOm4pOqsqwJqcs2cPLcs2cPn8jjt8+RZFPPQ15lxpl/g:Hhyu9fiGLm4pU2cncPLcncPUtL2lhY
                                                                                                                                                                                                        MD5:F3632E548FE31097EE59CF6834F39135
                                                                                                                                                                                                        SHA1:E7858DE0AA4ADFCBD4F4D3C00CBC8F7C4CE262A8
                                                                                                                                                                                                        SHA-256:6A353ED3D766074B23BF062DB0B7743F56D99482F4EE453EDEE720B7708CCAB3
                                                                                                                                                                                                        SHA-512:DFF0812A2C7A42BC55BB937E032773D8EC1C8D384ACE9F04CC37CD97F4C54D5C030368FCBFB58C4A25952F1D0373436294DE0CC78C0011D132AFF22FE982D145
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:-----BEGIN CERTIFICATE-----.MIIDBjCCAougAwIBAgIIF68YC/b1N40wCgYIKoZIzj0EAwMwgaMxCzAJBgNVBAYT.AlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3pp.bGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTFFMEMGA1UEAww8Q29u.dGVudCBTaWduaW5nIEludGVybWVkaWF0ZS9lbWFpbEFkZHJlc3M9Zm94c2VjQG1v.emlsbGEuY29tMB4XDTIzMTIzMTEwMDcwM1oXDTI0MDMyMDEwMDcwM1owgakxCzAJ.BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFp.biBWaWV3MRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMRcwFQYDVQQLEw5D.bG91ZCBTZXJ2aWNlczE2MDQGA1UEAxMtcmVtb3RlLXNldHRpbmdzLmNvbnRlbnQt.c2lnbmF0dXJlLm1vemlsbGEub3JnMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8s.qFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBc.rrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+to4GD.MIGAMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAfBgNVHSME.GDAWgBSgHUoXT4zCKzVF8WPx2nBwp8744TA4BgNVHREEMTAvgi1yZW1vdGUtc2V0.dGluZ3MuY29udGVudC1zaWduYXR1cmUubW96aWxsYS5vcmcwCgYIKoZIzj0EAwMD.aQAwZgIxALPmOSBrIfgQlrVZ6pop/EoOUGMMZTxt0NdQqcdr5IPi+vDJ6c5sWS

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\4A310EEF15BA8905EFB4A4C053A96628E368E3B3

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9349
                                                                                                                                                                                                        Entropy (8bit):6.1026865221793685
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:Y1duwBGgaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdBO8dBOi:yfhJvjaanFhu7oiTaIdav7
                                                                                                                                                                                                        MD5:4ED0776F5C67650BA941156ED5746BAF
                                                                                                                                                                                                        SHA1:D498A549A5E2773DA793DE40381156CF16E64570
                                                                                                                                                                                                        SHA-256:A7847596DB701846C18DAA84BC5E39D1056189BC49E6CFB4C7DED17711643285
                                                                                                                                                                                                        SHA-512:91699DAA9AD8F5101CFA86F23365A85768BD1991812C7CBC496CA771E5094269D0A32CF8AB18323864633EDA4E9F48676539B0084FA0A38EF9F10CF9657BA99D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"permissions":{},"data":{"schema":{"type":"object","required":["description","hosts"],"properties":{"hosts":{"type":"array","items":{"type":"string"},"description":"List of hosts where this recipe applies."},"pathRegex":{"type":"string","description":"Match certain paths."},"description":{"type":"string","description":"Site description."},"passwordSelector":{"type":"string","description":"CSS selector of the password field."},"usernameSelector":{"type":"string","description":"CSS selector of the username field."},"notPasswordSelector":{"type":"string","description":"CSS selector to exclude fields as password."},"notUsernameSelector":{"type":"string","description":"CSS selector to exclude fields as username."}},"description":"Password recipes"},"signature":{"ref":"jdpt083xjysc3ibcann9jp9e8","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"PL0XYs

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\4C863284CDA7F859EB300BED16DBCEF9517F1824

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):247
                                                                                                                                                                                                        Entropy (8bit):5.075929105094271
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:oXSgNlXDOLUxGbsH3X8sXWzdsDvLUxGHl27VGsDpHHXmJ2L/l:oXSgNpGbmX8Qudu8GF2oupe2Dl
                                                                                                                                                                                                        MD5:DAFC364259B7587960A1E00CB2757E23
                                                                                                                                                                                                        SHA1:9DD625198C12AF6ED25A746B75C5103BE6AC603F
                                                                                                                                                                                                        SHA-256:E19E02370E8A32586000877C6DA9EC5B1FF4587B8AA71389D1EEE3F7A799AFCE
                                                                                                                                                                                                        SHA-512:8E52582C4C4DF54CB9EFDF784C71727E15EFD70AF9F4A0449BD719E099C5473200EAD965FCF78631FA379E44CEC6AECFB421455169181A91F718A833C08F16AB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..R........e.'.e.'.F.G........+....~predictor-origin,:https://www.youtube.com/.predictor::seen.1.predictor::resource-count.2.predictor::https://www.youtube.com/.1,4,1708533661,4096.predictor::https://fonts.googleapis.com/.1,1,1708533661,4096.....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\4D6BD6C9233C7A92A2587BFFB1333D8F27FD5397

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.044489282018551
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:9MjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckBLUcuK:OJvkmV2GnShxN4su3pztscNbZovEpuK
                                                                                                                                                                                                        MD5:8DB8A5AEF8D56785E5046AAF78E707A3
                                                                                                                                                                                                        SHA1:74A8CCA67ABFFC18068C4B34170E5FDA564C0DE1
                                                                                                                                                                                                        SHA-256:68A716D9DA57DE8326BB010213AFC6946CA1ACC7DDC83B7616F7EB7ED6EB5B3F
                                                                                                                                                                                                        SHA-512:47BED12CE886C5A3D7F33D7BA610B4FC1E6AA4474655642E99FDAE39E6DD3B693C02276176054E1E041966FB5FB0D749A48A8877BDA6B7C8F969F9CCCA1F33D0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.E..........e.'.e.'.F.tFe.'.........a,~1708533568,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/d55abb42-9def-4184-8360-9200b963b079.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\573BE6FC68ED49606A9EC3A9F8C1B28F973078DB

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):89
                                                                                                                                                                                                        Entropy (8bit):4.643904009876527
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:H5PaetPubU6X7GRgvKiUll/ln:1Llubr5KiUll/ln
                                                                                                                                                                                                        MD5:483AB684EF66371C5396E427940D774A
                                                                                                                                                                                                        SHA1:47FE6FCB781A4F2063A250CDECADDBD960C1518F
                                                                                                                                                                                                        SHA-256:E571FBA1EDBEDD816B27BB2478202177275B14FD655A8CA19885EF810A92C146
                                                                                                                                                                                                        SHA-512:BE3B4E2DF8FBCB64C5233BDA274355F42E5A0D3AA984CD1DB74786F9B442E3FEE1A68D256494598457686F8FCEBB279B327A00B8CB2EE1BBB4C48B20B2E6D95A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:f.\.........e.'@e.'@F.t........0....a,~1708533528,:https://spocs.getpocket.com/spocs.....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\57BAE92E295EB1A8A2A4472C62A1E113B40D1B8C

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.042002605985759
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:zIMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckHLUc7:ztJvkmV2GnShxN4su3pztscNbZovEpso
                                                                                                                                                                                                        MD5:58D05359A70CD9BEBBB2EAC03A724958
                                                                                                                                                                                                        SHA1:693E0325569248197A1019BD2DAC47990C030C05
                                                                                                                                                                                                        SHA-256:813D2F6269A8BF2DB6F67FB147882A7DAD0995506A5A1347C0F5B0F653FE7385
                                                                                                                                                                                                        SHA-512:1C77F2BC69688EDB46581D44D0F743C209A89819AE573FCD7F35C2F71E184B8B27D8B0EF33A6EB12F1C55F5F836C192C4F36AA30308A5CE6608E3D83C281722E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.2.........e.'ee.'fF.t#e.'f........a,~1708533555,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/010cab1b-3626-48b5-9d6b-0e4dfe4db5fa.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\57D27CBCAB857481421F7322F1595A270C0FC474

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11650
                                                                                                                                                                                                        Entropy (8bit):6.04172518318669
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:hFs3i3P0tQB7FgaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWd+pDmd+pDB:hFs3i3ctJhJvjaanFhu7oiTaIda+q+B
                                                                                                                                                                                                        MD5:F3B35001FD868FF1267F8A5FD95D858F
                                                                                                                                                                                                        SHA1:EEE019AEB0FEE365357AEB36CB1A2C39FFAD98AF
                                                                                                                                                                                                        SHA-256:3CF5D62A1BAA16D01EB6BB3F27210413E9B276913C840F4C88D3C1B531B3F6BB
                                                                                                                                                                                                        SHA-512:D6F21C82A266CDD57BC78D5205F3651138C07D9A5B12ECC4BA2D4FBA9AD58AC30A0CA284515167508F85B0A1B8A0D20696CB3968A4C13FC13121DB4663B119A6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"permissions":{},"data":{"sort":"-last_modified","schema":{"type":"object","required":["url","order"],"properties":{"url":{"type":"string","title":"URL","description":"URL of the top site."},"order":{"type":"number","title":"Presentation order","description":"Presentation order of the top site."},"title":{"type":"string","title":"Title","description":"Title of the top site."},"exclude_locales":{"type":"array","items":{"type":"string","minLength":2},"title":"Exclude locales","minItems":0,"description":"List of locales to exclude (BCP 47 format, eg. \"de-AT\", \"fr-CA\").","uniqueItems":true},"exclude_regions":{"type":"array","items":{"type":"string","minLength":2},"title":"Exclude regions","minItems":0,"description":"List of regions to exclude (eg. \"FR\", \"CN\").","uniqueItems":true},"include_locales":{"type":"array","items":{"type":"string","minLength":2},"title":"Include locales","minItems":0,"description":"List of locales to include (BCP 47 format, eg. \"de-AT\", \"fr-CA\"). Set n

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\58A756A796A86993036E1F0F79183245EE2ABF58

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:PEM certificate
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12978
                                                                                                                                                                                                        Entropy (8bit):6.0420733990846465
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:HR3u9fiGLm4pUocncPZFmc1nbTaIdq07R7v:UBi8mCUocnUmc13a8qC
                                                                                                                                                                                                        MD5:B175015775E594FEFE9B6023650C670E
                                                                                                                                                                                                        SHA1:03391BDDC272295A7A873FF516818E8AA31934DC
                                                                                                                                                                                                        SHA-256:98D719E66615E6ED3720FACBB8E07449A5270D591F334E8E870C56CD19FA521A
                                                                                                                                                                                                        SHA-512:FEE9A698D25B3DDB2BB5C99E9E293FE2A592EFD216C6A56DC562991F1CB5FFBA5FACBD100125E64695FE1991568FBBD494EF02106098C57CDF57F97137BE5E9E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:-----BEGIN CERTIFICATE-----.MIIDBTCCAougAwIBAgIIF4NGAGgAoGAwCgYIKoZIzj0EAwMwgaMxCzAJBgNVBAYT.AlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3pp.bGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTFFMEMGA1UEAww8Q29u.dGVudCBTaWduaW5nIEludGVybWVkaWF0ZS9lbWFpbEFkZHJlc3M9Zm94c2VjQG1v.emlsbGEuY29tMB4XDTIzMDgxMDE1NTQxMloXDTIzMTAyOTE1NTQxMlowgakxCzAJ.BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFp.biBWaWV3MRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMRcwFQYDVQQLEw5D.bG91ZCBTZXJ2aWNlczE2MDQGA1UEAxMtcmVtb3RlLXNldHRpbmdzLmNvbnRlbnQt.c2lnbmF0dXJlLm1vemlsbGEub3JnMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEYyj8.zLJVJc//j1xARfPx+oE/xqqM7O7tEZ9+XMWBeEQCqbJZRV8YS8VVq7Gffqygmqry.EGBhGRP5MX05XlfMO0cKletwojy/g/uWNoFAMYM3K/5640rSS53JHtjagJJEo4GD.MIGAMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAfBgNVHSME.GDAWgBSgHUoXT4zCKzVF8WPx2nBwp8744TA4BgNVHREEMTAvgi1yZW1vdGUtc2V0.dGluZ3MuY29udGVudC1zaWduYXR1cmUubW96aWxsYS5vcmcwCgYIKoZIzj0EAwMD.aAAwZQIxAKnhW7gpmEDAerMLSrR9kyCc82//G8dmfBsMJJxS6HNtZJi79sTvtm

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\61E7BECCAE8549715CA725B2D3E89C2E3234FA06

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12848
                                                                                                                                                                                                        Entropy (8bit):6.014172254683764
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:IFtHVrWJa3oac88BnDgaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWddLiddLI:8HVWJabcihJvjaanFhu7oiTaIdaE+
                                                                                                                                                                                                        MD5:99046D014C908AA84708DE60E843BBA2
                                                                                                                                                                                                        SHA1:9694B1165CC42A7049718CB68EFAC9D13EA19982
                                                                                                                                                                                                        SHA-256:2F4D2BDCA27E839D54EAD9F0A1735399C2E597B6D89DC1132A5B6B9284BFB165
                                                                                                                                                                                                        SHA-512:90513ECD7DF41E15A420A111D74F694EF8D4E01A4B4CA5D160379735B601EA0FBF1B1379169F8E32D27105E087E5FA64A37EBE2CDCF6BB4E6178DF81863CD18A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"permissions":{},"data":{"sort":"-last_modified","schema":{"type":"object","title":"Gfx","default":{"os":"","vendor":"","devices":[],"feature":"","hardware":"","driverVendor":"","driverVersion":"","featureStatus":"","windowProtocol":"","driverVersionMax":"","desktopEnvironment":"","driverVersionComparator":""},"required":["os","vendor","featureStatus"],"properties":{"os":{"enum":["","All","Android","Darwin 9","Darwin 10","Darwin 11","Darwin 12","Darwin 13","Darwin 14","Darwin 15","Darwin 16","Darwin 17","Darwin 18","Darwin 19","Darwin 20","Linux","WINNT 5.1","WINNT 5.2","WINNT 6.0","WINNT 6.1","WINNT 6.2","WINNT 6.3","WINNT 8.1","WINNT 10.0","Other"],"type":"string","title":"OS","description":"The operating system identifier."},"vendor":{"type":"string","title":"Vendor","description":"A vendor identifier, eg. 0x1002"},"blockID":{"type":"string","title":"Internal blocklist id","pattern":"^g[0-9]+$","description":"Original block id, eg. g28"},"details":{"type":"object","title":"Details"

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\6246CB7FA0A72939616FB877FF3FE3BF71EBC1BB

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):114
                                                                                                                                                                                                        Entropy (8bit):4.913892336938957
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:a/W/B6H8u/EtqiBMqEcldnX9XHWwrRzcSLYXqhHK//l:hB0miclpJWw9LYX2Kl
                                                                                                                                                                                                        MD5:9909E3B4C128F11851813F4C8EF7AEFE
                                                                                                                                                                                                        SHA1:40F35E54792077D2858E54990BCE8D6ED3F2EB6F
                                                                                                                                                                                                        SHA-256:A5F4B23E352BCAEDAE6309965E288FB397219E171F58ADAABFE7083FFB084B48
                                                                                                                                                                                                        SHA-512:4240D8A5E5B0A63C63D7E867F5D7C9238159FEF063C190FFC3B7E2CA517BECB6AF40ACC2B67217301F33070BD982860B47C2D776CB6C1A636A9E73978F490A2E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...........e.'2e.'2F.t........I....O^partitionKey=%28https%2Cfacebook.com%29,:https://www.facebook.com/video.....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\64ABA930574CA4FD805DE1014152699355976179

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.044677684264432
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:WBMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckTLUc/:3JvkmV2GnShxN4su3pztscNbZovEpoc
                                                                                                                                                                                                        MD5:81EAB46C57C9BC58E75EFBD4EF454324
                                                                                                                                                                                                        SHA1:1CEF1713774789E98AB061F5E92550E84B34882C
                                                                                                                                                                                                        SHA-256:EE1878CFC623CEA940F170C9C2B870D4A69196D463FF42915B0548CF5278393A
                                                                                                                                                                                                        SHA-512:3F77D80DFD076E6FC4AFA82088CB04C5685D9770A6D6C9F31018860257B79A82B5E73A45D49787797C5B05946EFAE79909A8E06A252A0126BB6180DB2574F30F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..9.........e.'.e.'.F.tEe.'.........a,~1708533564,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/b3c274f7-6fd8-4832-989b-74a48f86b6b5.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\64CC22CC432EC5DD1036D38E57BD4D3BFC2B1688

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.043914123272558
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:GRMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEck1LUch:GSJvkmV2GnShxN4su3pztscNbZovEpiW
                                                                                                                                                                                                        MD5:45C4E5A359628242A24B21781F2BDDB5
                                                                                                                                                                                                        SHA1:2C96F8D86228147C8A49433460AC0292B1283183
                                                                                                                                                                                                        SHA-256:9233E3AB442D5CA688E23C60C7817AD1B03810F35A1DC487A487048359284CF7
                                                                                                                                                                                                        SHA-512:D68DD57FA1705C7A086DF421DD8E1613D15BC33685A22D5D74EF6451FEF2E81B77F57016CF8F08F1F3278D8D3537D650DE636C0A83B9E1106A712A39E48DB681
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...v........e.'.e.'.F.tCe.'.........a,~1708533560,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/6c257ec7-9ee7-4e42-91a6-7d3b50c23b76.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\65E0FFA59D21ADEE5C3AA36A5C3162271566AE23

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9550
                                                                                                                                                                                                        Entropy (8bit):6.096641448775166
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:wcT83kB3+gaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWd17+d17s:zTKaXhJvjaanFhu7oiTaIdaEK
                                                                                                                                                                                                        MD5:81CA7A3FC3AE8A50878CA6C667FB05D0
                                                                                                                                                                                                        SHA1:18DEBEAB3A3063E7D27610ECCD7D262854EE8CB9
                                                                                                                                                                                                        SHA-256:1A43DB4EEB02920EBD62C5CE603E1F687E327CE588C15F9F0D8E2FFAF7773A5A
                                                                                                                                                                                                        SHA-512:17CED7F070C8CB837C37DFF08D6C03581A932662BA50111F6392A7E48144F867C4B28DCF86060D50582341D6518E56C8AB1360321D36F5758E38FBC6EC875872
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"permissions":{},"data":{"sort":"-last_modified","schema":{"type":"object","properties":{"name":{"type":"string","title":"Name","description":"The name of the device (e.g. Nexus 5X, \u2026)"},"touch":{"type":"boolean","title":"Touch Screen","description":"Indicate if the device has touch capabilities"},"width":{"type":"integer","title":"Width","description":"The viewport width of the device"},"height":{"type":"integer","title":"Height","description":"The viewport height of the device"},"featured":{"type":"boolean","title":"Featured","description":"Whether or not the device will be displayed in Responsive Design devices list"},"userAgent":{"type":"string","title":"User Agent","description":"The user agent that will be applied when selecting the device"},"pixelRatio":{"type":"number","title":"DPR","description":"Pixel ratio of the device"}}},"signature":{"ref":"1u4ofa2gtcmvz2bdxfc0ezv6gq","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\672092B8D36D64EA59E40AC662BE04092C353FCC

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):17271
                                                                                                                                                                                                        Entropy (8bit):5.941357505590563
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:vBYt5hUyp92mDWsPRTDePmcX19JgaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdWOda:M7DhRTDa19qhJvjaanFhu7oiTaIdapa
                                                                                                                                                                                                        MD5:1DD157B352756BCE1320C2020CE2E343
                                                                                                                                                                                                        SHA1:5BAB1EC5489615E8EF51C06C5B3CCB7C39A03995
                                                                                                                                                                                                        SHA-256:FA808B7C38868AA8C5C1083885ABA8A3A623645800978F205A3C69B45640B3A9
                                                                                                                                                                                                        SHA-512:929A85F3683B95C3C001446B1F135D511E3A84AEACA428121533A9866F9FBA6B03B0DD56CBDFD602EF9398B8C422FB969A94D608C0F6DBC684EC6C87FDCF24EA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"schema":{"type":"object","properties":{"attachment":{"type":"object","title":"The attachment itself","properties":{"hash":{"type":"string","title":"Hash"},"size":{"type":"number","title":"Size (bytes)"},"filename":{"type":"string","title":"Filename"},"location":{"type":"string","title":"URL"},"mimetype":{"type":"string","title":"MIME type"},"original":{"type":"object","title":"Pre-gzipped file","properties":{"hash":{"type":"string","title":"Hash"},"size":{"type":"number","title":"Size (bytes)"},"filename":{"type":"string","title":"Filename"},"mimetype":{"type":"string","title":"MIME type"}},"additionalProperties":false}},"description":"Information about the attached file.","additionalProperties":false}}},"signature":{"ref":"20crxvapq0ey22q46vbomp9qde","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"-fFx2lu100c4E7TZuWZw-cihVAUy2b6f

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\6806AE4F4B78BC9FCE7A4EEDF5C152008F4791C1

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):17894
                                                                                                                                                                                                        Entropy (8bit):6.526208746908679
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:7V7QlXWP7VqN4mApqN3Xo70tNo+pwPm082nyFz/Lyp:Z8lXWEApQHkKo+pwPo2H
                                                                                                                                                                                                        MD5:FBADB224D09B89CEC5413E0AE7C9DC0A
                                                                                                                                                                                                        SHA1:274667103E70DA4FE8C4CCA42E45B4B019BA7E0B
                                                                                                                                                                                                        SHA-256:C2038FB735796FB701CAC20A8E69CC8AB70019A79A7621F59642E55D2DDCBE08
                                                                                                                                                                                                        SHA-512:7C12B9387464CDAE378051E79EF4B3B1D2E2FE675B1FAC55D0A025E413C3F0BBB1E97A921D3336167ED45E5247840B786FAA0AB97E8527221F1C932C7E773F41
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.P.. .-.?...vT.X.!.Az..t...x.ZB.c...W!.\{.:`..I.*y/;.Ba.s.........)`.*..c.....K.".<..W..<.m.{y3{l....6.Y_....o....S.y.7.q'?U......................~..[|..|[.....~..=..V........:..../)w.....oxv.e.t$..T..1v{..........s..DM...FZ5...js....|.9..fW..R.T.s.e..V.....0._h.n..u..eq.s?.|.v....9....$...%.......]..d......D.n....L...`Hs=....y.......R.Q?...2...T..~...A_...m.`... J.......u..y..P.D,KA....5C.4.c............@.......%.4:I.oL.{.6/..-}.....b.V.o.!..v.zS........S.2..bFY.K&F...A!.U"`.(!.D.o....h4...qN...y...H..e..`.....4...<T.O.X.4..s~.1..'S....."h.`....B.\..)^..]3cN|........=...FR....q..b......\..!...q.|.9.q.m.U.l%.b..M.....]......$.j...@Xk.O...^+.G...3.r`...aGf..~[!.p8Y2./.!kZ....+.G.A.......0.....'....._.s..8."D.~.......jIL....T....S.x..5.8.*...}{... ..9?.P9.U ...yw....".......O.@....r.m.[4*y..%...GHl...+j...=.S.`.....U..._.C.....4...Y.R]...S..t..h..i.fW.s..w....'....7.....i.I^.0...W.|m.`....>....MM...w.T.q.!.;.N.........E..<....j{A.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\68B85D2648F4A19BC454C9ACE28372B7AEC05DCE

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):19837
                                                                                                                                                                                                        Entropy (8bit):6.805320351392287
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:zyAna1IS67VqN4mApqN3Xo70tNo+pwPm082nyFz/Ldi:mA0ApQHkKo+pwPo2n
                                                                                                                                                                                                        MD5:9EDC566AAB3E4CEB3344F9FF8D381B30
                                                                                                                                                                                                        SHA1:17F296FBEA7D76C25AEAFD0E938AD24A3B57908F
                                                                                                                                                                                                        SHA-256:BC638F93A2F0AC1034DBF749964D1640861C157ED079DC6C5574C0E69523CCBD
                                                                                                                                                                                                        SHA-512:1CE4791273E68A5F28805754E0BC7CBBDA0627CE11CAEB24DAA9589AA7E968388E6E4F2F35DC19DCBFA6D531776961F5AF0A1F15F30A60F77275367076712AA0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.`Z!...."d..._j....jG...`7.R_....=.....s.'..~S.E._J...{....d.....>...-A.!._.j..Q.H}...&+......=.V.1.-[l..t.tl...!....s..........9>.O.M.X.....B..b..HtG.HKs..R3=r..h..\(uf.8_e.......0......l.....m....".:W~J...9.......@5..8...h..J..>W+...../c.K.J7..2p5d.w(..(K.m).B...oe.....h.I..r.Hl.D...VD....c.R....MU.ZB......#.._..\..-z=..H...:.#u...ar.y@53..&.`z.g...k..c..J.....l.k.f_..*....z.'.%.:d.......`.2_5..g....\.0.3e"..|3...B.j..G[6..982J.7.<*._3+[....Ck..suJ...m....._.3;...ab.;..,.......T.4.i..~.X....K}L.e.......8..[......8v.(.Q.4L..83V..4....X....k......M...Ui.*...d.v..j.~.n_?}.Z.....?.....%X..;..Q..j....W.IZ.:.t..*c.[.(z..Or.~.R..F..wM#.....y..vU....4.N......k."n!Q..1B.....0f&.y.0...OHU,...&..\...&h..2f.......l.. K....>........g..p........v.q..;.2.5.24..a.b..V7..[..{1.$.@.....V....}.j.c+.wh.R.x.h..OU..OaL.S....8@zp&A.\..7...\E...)c..e..;....'....R;.+..:.jQ...m...t2.0D{........s.r{.b0.B.e..Ri?.cG...1.......o....TN..'?."Kr^d..iEd..c.....l9u...#L@....,F.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\69455E9F6ABEDFC78866EDEA94CB9D51C573A013

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):126
                                                                                                                                                                                                        Entropy (8bit):4.954874341439233
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:qslliB6H8u/l3BMqEcldnX+OGTAMrRzcSLUxGTKlLjOKf6T0tn:qEliB07Riclp+OGb9LUxG0OKLtn
                                                                                                                                                                                                        MD5:4715FCDFA351C8C17851D6749982D792
                                                                                                                                                                                                        SHA1:D391EF267C8C353742F0722C11DD6AC1C82E0BF5
                                                                                                                                                                                                        SHA-256:509563D10669EDC3A5FB3CB20328F5D5B2906F9DF6632FBF7991F545C6FB6468
                                                                                                                                                                                                        SHA-512:DFD189A59441FF23B73796A20B55B8844240EBDA319F2FD881B4E2B2F23651CFE7973023AF831E547BBD2A7E5503130D8FF2EAEFC5B959590916D93FFAABC495
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:(J..........e.'2e.'2F.t........B....O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/.necko:classified.1.....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\6A2780E08FD0348BB3971DC643C1230A411518FE

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):21334
                                                                                                                                                                                                        Entropy (8bit):6.984287297984812
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:0bh+WVteP4/KlL97VqN4mApqN3Xo70tNo+pwPm082nyFz/Lte:qhBKlaApQHkKo+pwPo2T
                                                                                                                                                                                                        MD5:2807E5F0F6D862E6084C1342223A2415
                                                                                                                                                                                                        SHA1:6D4AB9FAB387099C1DC14E9C01FE8C83C6B6CE47
                                                                                                                                                                                                        SHA-256:11F0C0673B23FDC8AA486273A1ED7545C3EC22EC965C2035125B22B33E7AAA64
                                                                                                                                                                                                        SHA-512:6D87FB33DD67B380E665CDF3D3D2815FC90F18FD6B4F484FF819704E861F8BEB405DA343A6C3E96C2AAE29637E0082A3DA894935E70E8F53018E8B83FB61C051
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.p.. ..R......L...Zm).....*.q.;...a.uz.".. ../...08..k7...ZW.;....v.t.=...$.Q.A..D.........?..~..W.e..k~H^.f*.>`.D...?.....,y..#"A..3...=1..c.ju.q!.....)e&I.)../.i*..FV....d.mC.;...~.."r...*..O[.WH.i.P.A..]G{...q$.2...Z>.4e&G...z..&.....D...M..L..wE...xsI25}&...#...+......\......N.3>.bg.MWAX....D..z.Xv..}......;.y.<B...:5......h..2...;`.G...u.o5!Q[.b..kw..K..3...3b..,..?FD..|>.R..7...(...p.M....}n...ZXI.@.j.!~!....9.....i..v...f..t..........S.....0.....4.')/.U}....=....1........a....=..'..0...yY.a.R..].BI.t...R.{./..4D7,.'.{_.......b?z.n.O.k..K.......T<.J....?u...a.f..BU....A...1E.!"..R.AF..M3...*....5m..%.[..;;.....b..........c.<iq....E.;p..Lf.\.5...q...6.^F9"....#F.dI...4...tJ......-.4i. .(9~........PC.B.l...dL^.....0^J_.^.....s.2.l...$..>..\.$e!.9..O.........V..t.[.~:..J~...L..]B0.......K..n..5.}.f6.&...G.u+.|f..2.u..t7.Os..E._......a~.|3T..]..n.~.V-fo..-....8N*......K...3.{..{..n<5C..QEt.....UC...fQ...g.b.J..1..<L.3...'~Z5RW._...

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\6AB8B35046C4F3987AD802D33C71FF6119F2E2CB

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:PGP symmetric key encrypted data -
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8044
                                                                                                                                                                                                        Entropy (8bit):6.042188308392092
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:MmMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckALUcU:MbJvkmV2GnShxN4su3pztscNbZovEplH
                                                                                                                                                                                                        MD5:F7B7AF1A27AC5FAA989DE9164292DAF7
                                                                                                                                                                                                        SHA1:0505598B2923CF89AACE730D166A26B0BF21E702
                                                                                                                                                                                                        SHA-256:538810E75149F55D48DD5D7F5290EAF3620085E8C45E25248694A6C23441A3C8
                                                                                                                                                                                                        SHA-512:04BFA139DC9E050341438D2B795C14D1A2D12C91A26D2BCDAE03603BA0525701AA69251FBB792496E5A85CA6C92663978865E84601BA71178706F51D759C31B2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..Ui........e.'.e.'.F.tEe.'....z....a,~1708533565,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/newtab/1/6eaf15b3-37e6-4847-a3b7-7d2bd47e311a.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1aga5kYNd65Z

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\6D264199C0FFF3E48A90A48416AFDAA75380F257

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9262
                                                                                                                                                                                                        Entropy (8bit):6.109960651521307
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:XIYEBR3l1ZgaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdo+Hodo+Hi:XQ3uhJvjaanFhu7oiTaIdaojob
                                                                                                                                                                                                        MD5:B542432F39AE52B659A3A1A9D962D579
                                                                                                                                                                                                        SHA1:BC5C49ED1E7F650ECC3F88187DEF2F84EB15CB65
                                                                                                                                                                                                        SHA-256:8920845B8B01B0263E138935F000CA4F8E812FFB7833E724C2D966D01A8186FE
                                                                                                                                                                                                        SHA-512:2DD6A9385EFD582E958D74331F7F62FBBAB78298CC5314D3A18C934BF156672DC67F23B4625AB62EC9805D2B0BA1F68E3FFBBBCAAF164BE20AEB24B90C420A76
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"schema":{"type":"object","required":["firstPartyOrigin","thirdPartyOrigin"],"properties":{"firstPartyOrigin":{"type":"string","title":"firstPartyOrigin","description":"the first-party origin being used for the permission."},"thirdPartyOrigin":{"type":"string","title":"thirdPartyOrigin","description":"the third-party origin being used for the permission."}},"description":"an exempt list that partitioning will be automatically relaxed for specific origins."},"signature":{"ref":"u0mgbpz5iwxi38fzobs7wao8m","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"qWLsCicKFbULmR_a-Knb_SsvfJ06rOcoFmRaaBKNiTENkQNnv_scoZOsW10YOfmYJut1r9Ju3gnTWzm4KpP3OxjiZor6OhUAGFi3p7FMOMncHxXNs0KF1suo4YNOQZ6W","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7g

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:gzip compressed data, max speed, from Unix, original size modulo 2^32 3137601536
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8823
                                                                                                                                                                                                        Entropy (8bit):6.640382991697067
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:kxIBDDbZFfAysEZFfAys6NbZovzcdyYY0dVYYY:sWDHZF7sEZF7s6AQyZkVZY
                                                                                                                                                                                                        MD5:F44FD6DC538E6959D96B602298ED4B5B
                                                                                                                                                                                                        SHA1:A55C8CF330F6BB349DF94F2334D603C0286B57AE
                                                                                                                                                                                                        SHA-256:2FBEF4481228066D04E9B2219DC60F8C5076CD4CD42AD96A10922B6702EA2B76
                                                                                                                                                                                                        SHA-512:13E6DE18639BC7598F7CDCD84A3636C0790F77B872D31C97991154058285CB8F2BACE42A30A43E317FFAE634BE4AA3772DC55A36D9E3B39DCF43A46E4D8C8CE2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...........m..H....d...4(2..(........b.i..'i.u........nw...b.......e..o.8B.............}#qc.xl.b..&..F.Gt.-..<><TU.......m.n.......%i...GA7..$Z...\ ....>.|...$.I-.H..y../.@D..@..%..-...\..u\..F..._..r.o.C..c.........PNp.t.6.2.....D.,'.,Koz1...9@.0..%j.....S.8v7.d.&u....a...."....G.{.f.m.=.BMA...E{,.........:......on.I.8&.6/..>....l.?.....J.u0q!t..".[`...Z...`.Y.2.I.?h...f.X..f.Eo@_.<.~...s49...6...5E[...x.M..a....J.........:g=....~..WKp......:.R.7r`qY...c....&.%V..y1,.u.....O0.92@U...k...G..#.;av.Y..Rej..4.B.A.....m.2Qs....a2x^..B_3.:.LS.J....S0O.....tD...-9`.Fxs.....T..e...GY.BtW;b..2.f...rs..X..S.&.~Ju..(.ss|p.....i... . i._..(r.o.....D.{8...|.hD.....VJI{..hO-..:.S..{.i{56.....I@r...= ]....F].._.4.Q(...7@.|.....@../ .i.~..,-h+|...)..n..^9...}......=.].(..?.Nz..m,.....j./..q?w...........}.5..F...4..#..d:.rR...zC...=lHv.|I..B.F^.[.`.........w.x..W4:j|..@V...Acp..AN.........aq=....7>.q. .~.^.&.ia...dRf*#4..w6..;].O...m...&[.........

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\74D55AAEE23E5BC928D795A450665DF275AC4033

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.043616929213906
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:kklMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEck/LUi:kPJvkmV2GnShxN4su3pztscNbZovEpkA
                                                                                                                                                                                                        MD5:FDF4FD580A34B47FC85F00F069E8FD88
                                                                                                                                                                                                        SHA1:530769FACD464AE05F066B9BC10E4252F7E25EBF
                                                                                                                                                                                                        SHA-256:0C38FB41B468E696D002ED83715811F78E68D42F6FCCFE8CC65AF113193E61CA
                                                                                                                                                                                                        SHA-512:506BB5D714CA474E462B64EC61C4278A5683724761CC4CDD6B0287EFB57DAE1581CF5FB3013BB751B7F0454FD329904C9AB29D2A266BD33C4BCB53D51504919C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:*.$.........e.'be.'bF.t!e.'b........a,~1708533548,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/7b2ddd96-6d27-491a-a7e0-811ed320f1f0.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\7943793AD6EF12CA229A1DF7A721B44C210BBC82

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32390
                                                                                                                                                                                                        Entropy (8bit):5.581679220294835
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:/y/K4ALv/YPxl+VRFHiUzNfw4CNWZhJvjaanFhu7oiTaIdaOk:/knS0z4kUzNfyWZH2qhu7oWa8Q
                                                                                                                                                                                                        MD5:BE2AD47D9566063603DB4193036BD4DB
                                                                                                                                                                                                        SHA1:9FE8F924D01CB6D92FE90128ED55A1A70980BCD3
                                                                                                                                                                                                        SHA-256:0934987593BBBCDE853B478AAEFE0A8E712F558D4369F39E94BC3A177226A9A7
                                                                                                                                                                                                        SHA-512:E9B32D0653B3361DA55F88CC4CA59E870AE36793C878A308D4E0F449AE2DC3CF61727523722CD37AC0BFDF9B9B84133D8528ABFD269EA2F19F84BFF2D781E9C1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{},"timestamp":1708523225644,"changes":[{"id":"0e543556-43bf-3139-1fda-2a0068116c6d","last_modified":1701990003977,"bucket":"blocklists","collection":"certificates","host":"firefox.settings.services.mozilla.com"},{"id":"19e79f22-62cf-92e1-c12c-a3b4b9cf51be","last_modified":1603126502200,"bucket":"blocklists","collection":"plugins","host":"firefox.settings.services.mozilla.com"},{"id":"b7f595f9-5fc5-d863-b5dd-e5425dcf427a","last_modified":1604940558744,"bucket":"blocklists","collection":"addons","host":"firefox.settings.services.mozilla.com"},{"id":"061d4584-acd0-fecc-b5fb-dcfe0ad5e123","last_modified":1624388514784,"bucket":"blocklists","collection":"qa","host":"firefox.settings.services.mozilla.com"},{"id":"3fadb169-e5de-a2f0-374e-6eeb3eac3dbb","last_modified":1692730580117,"bucket":"blocklists","collection":"gfx","host":"firefox.settings.services.mozilla.com"},{"id":"c521b443-368f-2e18-a853-066abaa1e9e3","last_modified":1708000561099,"bucket":"blocklists","collection":"ad

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\79B11E5B2A73707AF920FBB504E5C456E1698B13

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):129
                                                                                                                                                                                                        Entropy (8bit):4.863260078321421
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:gClhB6H8u/gWuBMqEcldnXDLwrRzJKVJ3uDLjOKf6T0tn:gClhB0x8iclpDLwnw+TOKLtn
                                                                                                                                                                                                        MD5:E2D8FF9C7BB213F351C4C9BE40AAEA14
                                                                                                                                                                                                        SHA1:D4A79CC3C1B59409DC562FAB9A2BF895FD959BFA
                                                                                                                                                                                                        SHA-256:D027F0D53DCB128ACB59A91455CD9669468B9B00B719E56F19532D8062EB27FF
                                                                                                                                                                                                        SHA-512:FB7A38179EAF61AC4D5ECCC2B8543269A82C9993268E3535AFA47D829E9B660DAF63E1D9A90EEEBD940AFCAF6EF3BDEC78304AB9F20B2BE1772D752E71A87143
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..2T........e.'2e.'2F.t........E....O^partitionKey=%28https%2Cgoogle.com%29,:https://accounts.google.com/.necko:classified.1.....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\8890A1FFF6A635F3C1D09180CF09237EC3AD1C08

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9012
                                                                                                                                                                                                        Entropy (8bit):6.105224185719513
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:pRCBzcolugaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWd4Q7d4QF:pAhJvjaanFhu7oiTaIdaHf
                                                                                                                                                                                                        MD5:A14CE7A81CD671DA553D930F11FD3D1B
                                                                                                                                                                                                        SHA1:BC0BA1EB9A4E2B2ABA0607C2636398A95A0CC90E
                                                                                                                                                                                                        SHA-256:F514845A7AA6C90A9CCFBCD070A0DD9E2AC6AFDDC99958573C69EBBDD6FAEC66
                                                                                                                                                                                                        SHA-512:F3BCAE6F42360DE5EFB212B3A9A6685F97AC29B4FEEF8CA7C662DE5E07CE4EBBBCE5A3D7003528BD4D0A52FEDC4C7B21FD32920D576E5507EA5B1743F43502A7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"permissions":{},"data":{"sort":"-last_modified","schema":{"type":"object","required":["name","version"],"properties":{"id":{"type":"string"},"name":{"type":"string","title":"Name","description":"The name of the language identification model"},"version":{"type":"number","title":"Version","description":"The version of the model"}}},"signature":{"ref":"ip57e54ci38236p3t263n2sbd","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"zK9RtbyDxUlnjIjsZJo8yNFPu4wDmnboozsGT0bV1ewh5kemUYhCQ3yyCCTrTaNax7ma_vhjqOnrpsfTCYeNpfURtUcMiJlzACRj6EvNXS8SxAfjWG63d-X1kCsoIc_H","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"attachment":{"enabled":true,"required":false},"displayFields":["name","version"],"id":"tr

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\8A4AD299B2F0E55A552D3CB09E7A57213CF46041

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9271
                                                                                                                                                                                                        Entropy (8bit):6.114655702838158
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:mKBdnTIgaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdTzdTQ:BFhJvjaanFhu7oiTaIdal8
                                                                                                                                                                                                        MD5:453E9EB47440E78898997CCB6642AAA9
                                                                                                                                                                                                        SHA1:883B7069C13F3D3BDA2F008D43A545A114030388
                                                                                                                                                                                                        SHA-256:6D0170EEAE7C3D0B51EB7F2582A4664014A1079902E862F7A0FE563DCBE10CB9
                                                                                                                                                                                                        SHA-512:2BB3A3144B2154195FE419276FC452027779BF289B5E1508B15B49D2E8B74EB42E06C94C118524557CF56CBB7B0859B0BF78D368DB8EE66FF68EB2452F9B89EC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"schema":{"type":"object","required":["pattern","feature"],"properties":{"feature":{"type":"string","title":"Feature","description":"Which feature this entry applies to (e.g. tracking)"},"pattern":{"type":"string","title":"Pattern","description":"Site hostname pattern to match"}},"description":"Skip list entry for URL-Classifier features"},"signature":{"ref":"f7gb49joer44oj444icke5pg","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"7oKOeBwIWvnMriJvTmMA5c029vj1mrz6Ea6KNsT10H5dG0y_Zt0cA60N8Ie9-NS1ZXkZK1QKX5VjVZpWTd7lSGHQImlzMQYJ3CZewHTDo28ezppFG-YeucsMt0cJWAER","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"displayFields":["pattern","feature"],"id":"url-classifier-skip-urls",

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\90A03CFF289343C626891351A183251D4C70DB3B

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8046
                                                                                                                                                                                                        Entropy (8bit):6.045405112664787
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:7bMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckALUcU:70JvkmV2GnShxN4su3pztscNbZovEplH
                                                                                                                                                                                                        MD5:F5C05BB23639D47F7AA77966D512BC0C
                                                                                                                                                                                                        SHA1:F7E6079D8CBD1C54CA5BC6EDCFDDCEE253C3B22A
                                                                                                                                                                                                        SHA-256:01C04DF02265F45B64B0818D60FDF585055501EE6660572CC27D40FB29E88E6C
                                                                                                                                                                                                        SHA-512:A28698E566FE6764D1FB2BFAAB9CBD663CBD52E764E8F3513123833A2E41EEF90A29EFDD382F015B7C748310E4A277A2D2C18A58513C80151EDF156532CBD6C1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..........e.'.e.'.F.tEe.'....|....a,~1708533566,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/baseline/1/fb6735ef-577d-4aa6-9fbf-47c63133e3e9.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1aga5kYNd6

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\968105A496B4A79C818263789779FE91D94E5A1D

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8045
                                                                                                                                                                                                        Entropy (8bit):6.046078993457177
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:KJMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckYLUcQ:KKJvkmV2GnShxN4su3pztscNbZovEpd/
                                                                                                                                                                                                        MD5:544E0D6E7140ABF6769A1A149A460D39
                                                                                                                                                                                                        SHA1:A093BF1F49A196FC3B61BE0777CD444C20B96338
                                                                                                                                                                                                        SHA-256:372451E2F9B37EABCFF27EFD880FDB26BFDD98BE3EB0A7684D5368ACE635D1B8
                                                                                                                                                                                                        SHA-512:D91FB5D0B1957ED3E5CD7D1E4DBB1D9DCFF108A1EE7B84C9A4D1E161FDB27DED90A927BD8424DCEC4642D5E280788782064A9269D30C6A405CD95195EDC44A0E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:'...........e.'^e.'_F.t.e.'_...{....a,~1708533541,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/292d3bdb-fe64-4637-b000-944223e00c80.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1aga5kYNd65

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\97AE667565B6120DDEBF42730CC21468FE5AC36E

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):103
                                                                                                                                                                                                        Entropy (8bit):4.6731582080832705
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:dlmVdAu/rlljXvX3XDkySLYXqhJX8sX3u+llln:dlutTLXDOLYX2qsHHl/n
                                                                                                                                                                                                        MD5:05416C51E4CCB89DD59C77C0D39C94C0
                                                                                                                                                                                                        SHA1:E45F79ABCD60801FB13EE1C654E99289E9D0C71A
                                                                                                                                                                                                        SHA-256:EECCC8CD3781DE089DFDC4EA47B0B7D18572719F477F047A0AB66F8B4C31462D
                                                                                                                                                                                                        SHA-512:C81FAC33A1A343E3D5EA39BD7A2031C6EEEBF9B7CAD71A81511A122CE3AD43592BD383E6526A0003C3AB00EB86E9E60440C381D0ABED4587200C32F2D37CCBF1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:r..2........e.'=e.'2F.]........,....~predictor-origin,:https://www.facebook.com/.predictor::seen.1.....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\98F6427731AC22277959523CB6166E873B066EF0

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.044165257277293
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:icMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEck+LUci:UJvkmV2GnShxN4su3pztscNbZovEpT9
                                                                                                                                                                                                        MD5:173EB78F04B6E55596B143AEE1D2AD64
                                                                                                                                                                                                        SHA1:FAEF4A0354F8206FC7E6C296E1481E8942E077CB
                                                                                                                                                                                                        SHA-256:3B724583113E0CB5AC7F0DF859443B22C2FFAC85E5E19914E041108779B39F2C
                                                                                                                                                                                                        SHA-512:E5BA20D93142C12BCFCD6EEF5D7F84B687034EBF200A035E1D06644FFED1ED0E122A5B089CDA85CDC09325977587DDB663CCF3D26A8E8974CDCF48CE22136014
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:F..)........e.'.e.'.F.tGe.'.........a,~1708533569,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/ba1afd8d-4412-40e5-ae98-e5fe51056fac.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\9A264EFEA14C043A84240DE25C759F48DC6E10C3

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9331
                                                                                                                                                                                                        Entropy (8bit):6.122805318523087
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:zBpduN1xT4CHgaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdpJR7dpJRH:u4dhJvjaanFhu7oiTaIdaphp/
                                                                                                                                                                                                        MD5:276B8C2D2BA01678CEBB588647205D29
                                                                                                                                                                                                        SHA1:F87D315203065F09C558890EF3384001C2456D78
                                                                                                                                                                                                        SHA-256:A2C0D9CB1A2CB096B9FC1B14319C97A5ABF99EDC8070E810F0128864351C3F1B
                                                                                                                                                                                                        SHA-512:896EE2C8FD28F46AF979E426CB5810E32E42A384F4767AF8A0FC3337DEFBE7535D568608AC594D9A7466FF68A816663CF54C09CD72C48F87DDB3DDB7E79A52F2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"signature":{"ref":"2xcuolhhb44h21fnnaxg95pj72","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"VDkZ-T8IDP0dBb9LIAXbvOdhi-5tRn0iyCOU42ByFBT6mxl_ItVvwcgFUAjVI3sbkJvloMWp3Unwy7e8ouCOoZ5eY4uuj8fvH1A2UMe3HFhNMkTsZekb303xHQyTy8yT","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"id":"cfr","last_modified":1708300804547},"timestamp":1699046525260,"changes":[{"groups":["cfr"],"content":{"text":"","layout":"short_message","buttons":{"primary":{"event":"PROTECTION","label":{"string_id":"cfr-doorhanger-milestone-ok-button"},"action":{"type":"OPEN_PROTECTION_REPORT"}},"secondary":[{"event":"DISMISS","label":{"string_id":"cfr-doorhanger-milestone-close-button"},"action":{"type":"CANCEL"}}

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\9E1BD84924A0E8A5BC63358C74B9B4D054CFB504

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16730
                                                                                                                                                                                                        Entropy (8bit):6.282449287774735
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Z/+n7VqN4mApqN3Xo70tNo+pwPm082nyFz/LLW:Z/+cApQHkKo+pwPo2J
                                                                                                                                                                                                        MD5:90550A3439F2A41265240B33C00AB00B
                                                                                                                                                                                                        SHA1:2197EF52182921D107A376BCD0004D9BF7D2EF0A
                                                                                                                                                                                                        SHA-256:0E4FDEF86D9702BCC48309E8850AAC3FAD70EE8E3C6C4B60DC7806069023F0AD
                                                                                                                                                                                                        SHA-512:47A514DDC50919F5DFCB994E0F0932F0F906DB6177B135DF96979D3CD9CDFB0D9A3C8D0D294E5667029797009B4944BFC1F86C1227A6AF3CF1DFB307DDABFB9C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.8.. .m...9$L3...g..#EVZl.......?..x"6v..s......@rkD.H.3k.....V.v....J....h5.;..5..8IX...K..G.|Y.C..<...T..iX>........H.....u4...f.? A...._..4.%$}......S&{V.V..BT.....b............xd..P.4.rB k.....z.cR)&.h....O...*GKS......'n..R..D......vv^.O.$.&.m.(.J..3..9.z.n.TP<B8.0M...,..S.y..Xt....=.y.7.=..).9z.c..}Y.....uG,k..n'.G..6y8\|....~.]..uWNy..s!2.r82.V.+.;..=..V/j.....~... ....0..tc-<...<J'..,.'...r....F....{..S.5..w...p..9.,....`.-;...WF.....M1.N.U#}..^K....:<..UY.....wj.kK..2....#>X.B...n$4......MX;..AJ...H...S.#.....c.....El.....S1.A.....?.d9~.M.H...V2..h.!.K...&.....a..7<.e.I..o.y.+.b.....P...Z..1...!B.u-...,...a.%`..B..8...^].av.#.B.v..s..o..0.)G..'$nQ......ln.t2R..,..Q..L.lT.[KHW..=....I..(.u.....OQ...(I.(.T..."%...,i ....n'{f..-5.ww.0.cGmI!..aU.+O."}....}.........G5)WZ?.......i..(Vy....).F.A............C#..........cS.....6+..|....:.\.%...0\cT-....,..,....J....J..#x...|C....=.....b.VX..5.)...P....t=(..,$:m..Z..b`..O..Yz..n." {..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\9F2227F98F812B06835F9D22E5A2DCBF7064D2B2

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):145414
                                                                                                                                                                                                        Entropy (8bit):5.300079215497765
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:dA2izZWUdYJlFQu6zVh7VzOh0Rc04zNUnoN8E:RKwgIou6zVhK0Rc04zNN8E
                                                                                                                                                                                                        MD5:5A6B541115D2B26FC08EA1188D1A49A3
                                                                                                                                                                                                        SHA1:018B3F4A2739DCF88EAED3B371C81A57CCA882B0
                                                                                                                                                                                                        SHA-256:85BE23EE7BB3A6C4141E8B753F264C26B4156489CF7314B70C8E1DD29B50A606
                                                                                                                                                                                                        SHA-512:863842CEB2D6DA17CABA1CFFE9EAD9F2F1163F3367841E044B4E836917131960B6C363527439C5140F50588554E289A9DBCCE986E350C978E0889BC54325EB1A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"signature":{"ref":"1526xz659wc2524fjnl5jmwrc8","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-04-09-14-36-39.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"0Rv3kTuT-IsyMl7_pOa_AfK1NVZapSxAIn0XNhUQyFqmRg7PNFKsPkkLtOX5c-_8xtHAkpEOsGXW4sw2oapELSF8Ri-cu8Glu-NRzaFX-OfaAAdxT6YutgA0KeLQVBbe","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEwsfTf5S2a2sekbOGwvfp1fzj+EX015Cbp8qoECAsPf3bIiOUBcpsPNrqE7CwENuT9M56G330NauFdbZuhlUOBbOWisNkg7ytb5xloJUDSUNPtm+vMLaNp+RQO9COPvWl"},"id":"nimbus-desktop-experiments","last_modified":1708446279357},"timestamp":1708446279105,"changes":[{"slug":"speculative-connect-sockets-with-lcp-beta","appId":"firefox-desktop","appName":"firefox_desktop","channel":"beta","endDate":null,"locales":null,"branches":[{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"valu

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\A100D13B31B3B47B8A440E86B5443E2156994819

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):836652
                                                                                                                                                                                                        Entropy (8bit):7.998796724428111
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:24576:RU5+yypiAf3Q5sQ2rveB3Rd0fXj9i+BZqYqrWx:g+yycAY5mrva3RdCjgYh
                                                                                                                                                                                                        MD5:C4E09D4830EFBBFDC61467751F187EC9
                                                                                                                                                                                                        SHA1:2D3922C5D9EBAD398A99500D5CC33B0B2DD39F65
                                                                                                                                                                                                        SHA-256:43309860780D7DC5214255AC3C6E6A60EC31A02DCE2D7556A532F59B84A61E8F
                                                                                                                                                                                                        SHA-512:427E7A913533683159A67ABC644824CD9BCCB767320540CE8A5BE355DF720B5043FF64E643A10E376E78018E1277887B16D8AA6266FC1167AD5E7C6BAE6E375D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:......M.....f..W~)....,........Vs...U...!Vb...6....f...B.B...$h.v.x=..?..D.......;...........o y...*.w.(W#... _../.....u.`...Yq..u.."l.....E........h.M...'..xK.,<.O.....O.h...sy..(BX.[..M...q.......vc.4.L{..9>9..;.......$!..(....0h........s..?Y../Q.'E.,...V....pR...Fr...qs.....Q..T.kz-.........><..:..6r.....$.....(.....--...P.vK..&.d...xuJ6......2j..&oz..+PF<../...o...2=X......2....c.G..V<7.nt....O.!.{m;.}....LP...N|...U...3.).+.SW6G..l..B..u\...m-).9.r..j..nd_....h.*....kD.#.O.0.....;Z........{..4.g..;-+.w.=^..(.m.a/.w$...-....af&..........E~9...8/.....}...3K.2.[b....P.3.k.............N.rR.)..a.3...3./E..t..o..3>.....m.N...o...{..;.........B..~...W....S3..n(..|..Z...Nb.r";.iw.V.6=V..O.>g..k..^.....C=>5+.G..".37..Q.....l~.!...[8.X..+......}r.V._.o...PG.....V.2..._..\.8....e..m......o..&W&..THW.*P4+..........s)....4.....g.A.i........N..?3..{g.i..#.U.}.gL..........n..Gu.a.6.$X....b.n.{.4..9.....;=n..x.d.S:o.+.0.3.?&....V.....J..~.y....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\A108EA324C7BD736BC1763288BB59AF328426685

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.0419485444755985
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:bpMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEck1LUch:bqJvkmV2GnShxN4su3pztscNbZovEpiW
                                                                                                                                                                                                        MD5:06D699709B678BBA8955899DBDD7F014
                                                                                                                                                                                                        SHA1:709787FB55B21474680F4340B14C7C8F115C3FA4
                                                                                                                                                                                                        SHA-256:937D54BF905DD424EEB900C6B0FC1D1D377B5CA21BD7EBCE0F77C1D336827BD6
                                                                                                                                                                                                        SHA-512:0DCD4E7305C0F35598868CED199973AC1BE7D0DBA5ACA1FEF84EDF5DBEF770D34D67C9ADA0AB354431D3AA247BC392E8FB3C28F002695F1B0F1C7E59F3C19473
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:5yx.........e.'.e.'.F.tDe.'.........a,~1708533561,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/f5c2d345-4cad-4c1a-a51d-15d682036066.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\A398CFC829DD05CC6D4CAF6BB0834CC705BDC52C

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16595
                                                                                                                                                                                                        Entropy (8bit):6.240783538671049
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:m9CELTL+7VqN4mApqN3Xo70tNo+pwPm082nyFz/Lvs:m9ZHHApQHkKo+pwPo23
                                                                                                                                                                                                        MD5:76EE9766786A5CA6AE1F5594C7E6E735
                                                                                                                                                                                                        SHA1:9B8CEE13686D70A511EC8A7BDB402BC830FAB844
                                                                                                                                                                                                        SHA-256:4D56DE45AF632E5CCBBD1EC35AAB8D4B168B1E4486D3D95B9E8C37E2E14E74F2
                                                                                                                                                                                                        SHA-512:CB32B6CBBE4B2F3CF65E87A810A79CA2CE1ADC73551A46AFD7FA8FA464C4B8760D9DE7CC14FC1EAEAEAFEE26A5F35ED434008170FD0F0A1967063A07BCF79739
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..@. ......L1p![l..w.Q....M....u.0....[....,.......wq;i.a.~_[.`...`!..3z..U...;.8..pWY.r.so=...=.j.&...+.@\#.....?...,.`,.*.....q.......'.U]..U...?(...........}IO.ImA=.I..@.>-.....;...5en........9.../.5I...9.g8t..,`..=G`.L.D7..........3._9....@2&]m.._...R.c\o.3 .{.N..GC..*......E.GQ.....k.%...>.9..k.....Q..C./.. .P+..uK....E..p.....a.).&.....gD .....".D.Y....;_`...{.3@.M...K.T.,T....D.Q..O.Q..O>..?..b1.n..pfy...)..S;Ca@.M...6j.D....B2..P.60>.;....,].W\..Q........A.......L.3~.*..a.{.Y......7eH.E...~I>...Ps.\..Q.2...)...mn..\&.8..b...:{.3.e^....Si......3...`..,.]......X.5...O{...%_`...@.@....(.:U..@e.)`.T1U........\....l].o.@_+..QGhN.(F..c.Er.M..P.L2...p..|.....(2V..D...?...GJ...&..s..z(.o.....D...v#)S.......H..ZSJ......O....CU.......1.w.b.QM........e.'.e.'.F.t\g..M........O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/s/desktop/87423d78/jsbin/custom-elements-es5-adapter.vflset/custom-elements-es5-adapter.js.necko:classified

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\A858259C15269B8488E8006F0D0609FF19960C81

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):38725
                                                                                                                                                                                                        Entropy (8bit):7.668302031134461
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:vbRrJVMvBJMdBEuXKhQfZApQHkKo+pwPo2P:vZ/M5JcrKd0SQo
                                                                                                                                                                                                        MD5:A3B9D0EC75E81AA6E15D81CA19D61AF5
                                                                                                                                                                                                        SHA1:8FAC9A37772106F8553A7DF52DEC682FE59170BC
                                                                                                                                                                                                        SHA-256:07D1BC401B9CDD13AFA6B847A56E53A68596FA0546A96BD4D7AF3DCF10FFACB1
                                                                                                                                                                                                        SHA-512:6A52B8C4422F7ACFE42BEF683C454F74530DA32DC80183D54BE1517C108560AE0B5CB559ECA4E404403875E94803E5185AF669ED1F57AE2EA483D719252D25AF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.f&....z.4...X.}......./.t.rcg.TS..s....!......%b.ci..R./. eY.u..&\..&.d...$.....ro.v7P...z....I.>.....Z..].u7 =...AR....K..J...#.lK..[.p.mO.!...w... 8...>d.h.[.5..eh~....l.L3.!=.w9.5...j.... .c..k...%.....K..+.7..N}.wQ.5...l....9..7G?.../c|f].Y..7{!S..'9...+B.Y5t.#...5..M.dp.> ..;^nD....0.D.a:DI.a..(.."v......|.7..5...tS.....d.5u.:.(.~k..kA.OJCU..Rb..6...\..$.E]....+..w.^7k... .2.l..y..^..&t.f...k.^.....?0`V9y.f..M.X./...u.:...`.*.k$IN..!..U.(|.%3o.......a(DZJ[...f..-....g*...An..E3.~....O..m.hI.RH{......*...w.R...Y&.....@.I.p....b.'.o....1@....!.dc.Bw....Q.$4...kAc..AR.`.)J.....S..k.I.?..wb..Fx....[o.j.rks..l..E.z.9.#y.o\...m.1~...........l.v.8z...3X.g[.<.<X..4..*.+6Z.......jq,..nD.2'...^!|.d]........i....o.__.....Uo....u....i....^h. p.+T.4..had.a..?......7_S.Qx..........W....`I..\v...F......6.....c[...=...{.,.&.(....2..g.T<y...r..zt}.U.[.F..pH.,~.](.........r..m... D...3..~.o.w....8.Y.j2`........&..... p$.v.......wOY..........

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\AABB5E0CA084179F80EF8048C4880BFCD1B3671A

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.044414359305077
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:1MjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckyLUcup:mJvkmV2GnShxN4su3pztscNbZovEpnp
                                                                                                                                                                                                        MD5:C91385A54C2E95BE2EE4CE08965341CA
                                                                                                                                                                                                        SHA1:77D3C9D2ADF55D31AB4E1306991A982E3E4D9211
                                                                                                                                                                                                        SHA-256:68911B20C2142D52A3832CB2D7FD65AE68C5494E0640AD1A6622C3CD80E1E706
                                                                                                                                                                                                        SHA-512:2A99C27683C51C1CFBB8200C7792EAE39629AC0FC537E7DB6589A13CA4E4384902E86D2008455F63564F6B0103A48A282DC0436F4DBE21A2E734AFA22603ADE8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:x..........e.'.e.'.F.tDe.'.........a,~1708533563,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/c64980e6-c743-4793-ba4a-89f593d4eb16.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\B3316860430DA0966649580110E85D2FFB7B5A61

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1116)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):82933
                                                                                                                                                                                                        Entropy (8bit):5.670887235404837
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:4GIr9iykWXc8VV4ucbxiyXdpGupDMbSrOLR0QZWtPWDG4nFjI9rkiDyVO9HI4Ckg:h45nb3nxQIiENg5Bi+C02byUlb8u
                                                                                                                                                                                                        MD5:B3BF11E18816756D4A8912CA05A6B99B
                                                                                                                                                                                                        SHA1:C26AB859DD2FD7C06E9565C11B83E163ECB93987
                                                                                                                                                                                                        SHA-256:76D4D6128CA8CF144F0E20EA90BB36619BDD2EE491BE102D6AD0061D175F4195
                                                                                                                                                                                                        SHA-512:FF8D6BC8042C65158D99A5D5AD0EA6D806FD747C19C4E410E7FD20DEE81CF4D6B50DDD4EF645EDFC2E08A62A28C4FDE92F7BA0F75AF32D220E7A2D62AD1A279A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:/*. * See: https://fonts.google.com/license/googlerestricted. */./* cyrillic-ext */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Roboto';. font-style: normal;. f

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\B51710A797F7AE68A3499952F3B2CA1C8DAECACA

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.0433950010247734
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:2eBMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckKLU/:2hJvkmV2GnShxN4su3pztscNbZovEp/h
                                                                                                                                                                                                        MD5:22C975E2DE452988C4BEB6ABC74E9135
                                                                                                                                                                                                        SHA1:BAEF64B8258E7F00C51EEFE662AC967E6E55C833
                                                                                                                                                                                                        SHA-256:5E45C26E8E220EA3D11697F53A665A2D738B3B45ED6C85889331A358EF90C5EC
                                                                                                                                                                                                        SHA-512:6A9A758B1E7FF0CD2EA21F9081C8CD3DE1FB7F28D5D14DF80526A17E18EA3AA62766C9A46BD8E1BD2828A48AE8E526433F159BA92E1FDB7F92E2A2EA57F5F232
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...........e.'ae.'aF.t e.'a........a,~1708533546,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/758d1c71-5fff-4193-9977-7a57afa68bf7.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\BAD027B31E519DD360F2884D44A24D68CAD821E5

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8044
                                                                                                                                                                                                        Entropy (8bit):6.0398679598588645
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:vMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckcLUcu7:YJvkmV2GnShxN4su3pztscNbZovEpR7
                                                                                                                                                                                                        MD5:5CD162E12B4F45361A7E72C469C237F9
                                                                                                                                                                                                        SHA1:010F5A7A4DB66E13295775ACBC0897E387F8124A
                                                                                                                                                                                                        SHA-256:71F925384F8156B394061EE817D117FC0224734378EC40EEAB33306E5751DC64
                                                                                                                                                                                                        SHA-512:929B4A29299D2DBDB5A05EDD3A3F7095395A91F53FC009114EC32791BB1F1F0113945FF2872C6F1020EF3B41BE575467BC03D4983B0D860EF3AD4952EFC0449B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:B:.E........e.'be.'cF.t!e.'c...z....a,~1708533549,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/newtab/1/6db12043-3902-4d45-8c5d-d992fbf6d4e7.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1aga5kYNd65Z

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\BE13857FAF251CCA8C4AE07311778B6623EF86DC

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):18388
                                                                                                                                                                                                        Entropy (8bit):5.817779212224011
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:yPwmZ/4L6dbuMBA62ukuPpinhJvjaanFhu7oiTaIda/r:xk+M/pCH2qhu7oWa8w
                                                                                                                                                                                                        MD5:65141A389A51C5151A9167E5D4B03A67
                                                                                                                                                                                                        SHA1:69368DA7606BB69BF5B6F7486D3242AD33258A88
                                                                                                                                                                                                        SHA-256:47C9120DEF0C4A0E0D6AE2EFD7D358494D4927E0619EA7B42B2FA062DD58CFFF
                                                                                                                                                                                                        SHA-512:424EBCA5FD1AEB2E40EAC1C0A1736BAB343F69766C9D8305643D61D8B692197DC90DE80445FC6C961907D2196CD1D7943A22FF74FE0C6BC1B7AE33BAD94E3574
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"signature":{"ref":"3sxgg1ah4an421obr0dsmnp0rs","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"-xGeEstPfIJ28hr6tg7ff17SPt4bb-48x3o23AG7TlzTVo6AWQPiYzSs_WzjdYDD46_AHzXIqShEr_giQw4kjFblJ4R1ZoUgLOJ-kdOIelaHfsm1br2ICbaSTAsD1uou","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"displayFields":["addon_id"],"id":"pioneer-study-addons-v1","last_modified":1708041616659},"timestamp":1607042143590,"changes":[{"name":"Political and COVID-19 News Information Flows Study","icons":{"32":"https://ion-extension.prod.dataops.mozgcp.net/Princeton-Shield-32px.png","64":"https://ion-extension.prod.dataops.mozgcp.net/Princeton-Shield-32px.png","128":"https://ion-extension.prod.dataops.mozgcp.net/

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\BFB76AE057440A16593FE08B2FE91F5D71B2F963

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8633
                                                                                                                                                                                                        Entropy (8bit):6.0981904928934245
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:KUBLfgaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdIQSdIQN:rIhJvjaanFhu7oiTaIdaC5
                                                                                                                                                                                                        MD5:B0391DC19B420966D0A0E6ADDFB73819
                                                                                                                                                                                                        SHA1:56B2BDD6A48EC0FB789CA2984CBFEC733AE9EB63
                                                                                                                                                                                                        SHA-256:8BF50438E3969A4F9809EA71F05C763FDCB43FC95AFDF09DF8D4D80EB10571D0
                                                                                                                                                                                                        SHA-512:417EA5B130FD06F6B28AA8548244CD811625764627EC22F3FAF503838B6BCF7D29F38EB427C97BCFD5F4ABD4AF2F7AE9820B1B2E2B029451E1487AF1B361038A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"permissions":{},"data":{"signature":{"ref":"11rufr35kqbk31bmg5n729kkoa","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"xgTVutOXxmWwBSW0E3gL_qtYiCHV5iFp8onHFZC1gP3AAOrXGjaPbzaXpDbP_82MN40b9cXndgp4Jynj4GoxRZ6Syfy7qEnSrzWBLZtb957yRoZ_J0p8eAnnrDror6uV","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"id":"websites-with-shared-credential-backends","last_modified":1708041610977}}...R..........e.'.e.'.F.tNe.'.........:https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/websites-with-shared-credential-backends?_expected=1659924446436.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sg

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\C01425A73E10884AEF7072E5F96EAC6DE8E38E78

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1573178
                                                                                                                                                                                                        Entropy (8bit):7.999353316810572
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:24576:o1O22TCwmuQGB2D4aM7kJvJcWyJxQOvog/VrvkYwnnta7gl4qnSfM6A:K2TY1+2c7CvJ9KoKkY7K4qSfTA
                                                                                                                                                                                                        MD5:7F8BAE89C1BBA3ADC5F6634178771831
                                                                                                                                                                                                        SHA1:845D9D71AB92BE25820F81E9041D33D822FD3D74
                                                                                                                                                                                                        SHA-256:DCA5F0F70D08A9B55894D0A52AF3A47696B79C8A2C4209A89A2628A1433AC808
                                                                                                                                                                                                        SHA-512:575F46B2C2E51F7CCABE187E412DC876CF49D2FB087A1EB0DB7B75746E7DAE080BCE202DD16A6E0759E941BF49E62F1639AE0DF82C288361BB4056E66CF2BA88
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...?).......[u.....(.. .`.....y...... E.w.t...`T .n0.p0=..T.y.TUUU..0..m.3..>..?.?.".-(..".-(..".-(..".-(..".-(..".-(..".-(..".-(..".m.z.V.........{.4t<.^..-.._.yB}:.....z.........<.A..5.s.........Di.x...{.<.a]..5....]...^..Ei.x...{.<.Q]..5.+..\...^..Di.x.F.{.<.q].k5....]......Ei.x...{.<.I..5.[.N.....ODi.x.&.{.<.i..;5...N.....OEi.x...{.<.Y...5....<...>..Di...f.{.<.y=.G5....=...>..Ei.....{...E=...g..<...>./Di.....{...e............../Ei.....{...U....7.........Di...V.{...u..w.........~..Ei.....{...M}...O.n|...~.oDi...6.{...m}./....n}...~.oEi.....{...]}............Di...v.{...}.._............Ei.....{.|.C..u...........Di............c...D....l....n..F.m....o.....&1..Ln.S...1..Lo.3...f1...n.s....1...o..Z......,n.KZ.....,o.+Z..V...n.kZ......o.....6...ln.[......lo.;...v....n.{...........:...q.....G:..q.....':..Nq....g:...q.........q..\..W...q..\..7...nq.....w....q......z.....<..Oz....<../z..^....oz............>..|.._.....|..?...~.............o.#.$.p

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\C14EE552BC92A37C8C998F0DA253E64F9FE772D5

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10690
                                                                                                                                                                                                        Entropy (8bit):6.084275572290115
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:gOQs4axh6+/si6oJvUmtph56TGyFfbaI8j3qMpRAaYQG1RAaYQG8:ZQRamxuJvUCTyFTaIdEAaYQgAaYQL
                                                                                                                                                                                                        MD5:6F81F5387AFCD9B3E28EE9E547736101
                                                                                                                                                                                                        SHA1:87499D436B6F6634DCAC2D59161591F6A538B32B
                                                                                                                                                                                                        SHA-256:61766AFE2976C4747A111A05C15758436533DABC8444DB0509A2E9BB1980CE5A
                                                                                                                                                                                                        SHA-512:83CC78BC69C1D2A5C8A8FC9C29F148A8192156A7310C6B6E0087BA59215FFB4876FEEEF0D93C74326019DC190C9631B61D9C48D5B0433037D2679D026EB8B48D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"page_size":25,"page_count":1,"count":0,"next":null,"previous":null,"results":[]}..K9Lt........e.'Qe.'\F.t.e.'[........a,:https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Camazondotcom%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cwikipedia%40search.mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org&lang=en-US.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAbVMIIG0TCCBLmgAwIBAgIQA47lgwap6xyAEGMKt+e+IDANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU0MFoXDTI1MDIx

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\C57F54C80201C51BD93544077924F84BB54C55BD

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):82084
                                                                                                                                                                                                        Entropy (8bit):5.709058744673273
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:UYKrkQECPot32qKFAlHAEAOBsf51AkSAoA3ABAkWAyaUAtAm/vAIlAX5E95M2+ed:UYKrkQECAt32qKFAlHAEAOyvAkSAoA3W
                                                                                                                                                                                                        MD5:A30A6BB6B765D45996B8FC9C0DE8B0AA
                                                                                                                                                                                                        SHA1:B0D92D82BA6FCAAEA4921EA68296EABD74B05FED
                                                                                                                                                                                                        SHA-256:468CE3514B73BC568A73D8DA5F579853A72142E5ED7DD9C952E11495AE2EFF28
                                                                                                                                                                                                        SHA-512:D994BBB8C5FB5010BA665A52FA2BE4701F8729A66AA9DA9C31EDA126BD0434CF3818CBF70C79C3DC839C56142B86181D5F3547743AA9FBCBB8DD0C3E8C21AD9A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"signature":{"ref":"2x2kzzhjssqa9aypmngii7pt4","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-04-09-14-36-39.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"CrXnWu7S4qZDX9x13pGXaiDDpbb9arwZBUWu0lxlepKX8U0nMDMuW9sFf-eASzOPEyLKMn4pvA34tp9qva_IkJvFxOVK5jYBqe2Og4aFEy6yTLEAaPq0N8WV3tj0c4_T","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEwsfTf5S2a2sekbOGwvfp1fzj+EX015Cbp8qoECAsPf3bIiOUBcpsPNrqE7CwENuT9M56G330NauFdbZuhlUOBbOWisNkg7ytb5xloJUDSUNPtm+vMLaNp+RQO9COPvWl"},"displayFields":["id","name"],"id":"normandy-recipes-capabilities","last_modified":1708474596345},"timestamp":1708474596141,"changes":[{"recipe":{"id":1364,"name":"HB: 2024 Win7/8 Device Migration (Win 10/11 EN-US)","action":"show-heartbeat","arguments":{"message":"Please help make Firefox better by taking this short survey","surveyId":"2024-win78-win1011cohort-enus","learnMoreUrl":"https://wiki.mozilla.org/

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\C7C6BC53EB2EF9987356C8FAA78073A25B5B9080

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):19474
                                                                                                                                                                                                        Entropy (8bit):6.762787778165106
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:x/mBQK9Bes3PiYF7VqN4mApqN3Xo70tNo+pwPm082nyFz/Lzd:xwQFk6HApQHkKo+pwPo2G
                                                                                                                                                                                                        MD5:DBD3798F9F90D908D84103CC636D6D1F
                                                                                                                                                                                                        SHA1:C31A6F253728D2BB0C55D6BF7E6B1EC3B1006357
                                                                                                                                                                                                        SHA-256:9C2A44813825DBD240AB355B11360A05723D9596D0568625781D54A5C4520D9C
                                                                                                                                                                                                        SHA-512:E7CF313EDE56F5002DC6B357ADF9C44875FA30A7A0CC8CBDB0653AF1F052988774CF904B99D1208E720FE6CACED9804685506BA0DB6E594A7AF3B1341844B077
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.H-. .-..?/.C.....3.,J....u.EQ...6..`....K.g{. ..4.....t...j.Z.sk. ..t..'x.|...e.C...!.6U...LQ..6.4.......P......i..]......i>.&:G%..b.......<.d..Q...A9.c...R..f>9T...B...YU...~7..:......F....z.MH..$.... .aU.V.fg..b....H_H.R..U.........P%L.S)......)...oY....!....< .....D+.L.....|Ew.f...n}...a9...).5...e}=....iU-+....|.H.o..M..N....^.$C...NU..4.k..I.7*....O.'.b.w.....-B.r.X.....i.6u.'...W.t.6.L.4".mB.9.S..h8..V.ltZo*.('a$.#.Q4....}g...vn.3&....[90..(p....<....3.Gw.>.......\.l..Q.7.+..P.".m.......ve.^.V.r.M..j..~#CK...U..}.........U.[....jl>...M..um......YW....-.@.A...a..tpa.{......v......"s..B....0.t}G0Z..{.x)...3..\.5..mb.!.E..9$^..l....].I..`...i{`..r..r..&.Y.QNl}9.2.....2Y..-..0`vHL.w7x....odcHV...r..L@..Z.).0.&....v$.+.. ..9..M.0.F2..ei6...(f..N...%.?`.z..;......4...m43.,.`......C.d......).$`..h|.k..&l3^...6.^m............l.. ...y[N....Ya.u]m.J....x.9.w..i..s..F..w.c......j.fLh.m...1B|..Z..?.0..Op\....W..;.$...4D..Xn..r...,dnT.h......

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\C7EEE2FEC129505C5D6BE8D600B235DE5E26EF13

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.045998206539093
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:3HMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckYLUcQ:AJvkmV2GnShxN4su3pztscNbZovEpd/
                                                                                                                                                                                                        MD5:DA41A2B63A7AED607851138EB5CCA6C8
                                                                                                                                                                                                        SHA1:D14A328CC7A8686816753E16DD426468DBB45619
                                                                                                                                                                                                        SHA-256:3BDA48F063B5A7F3E28F61549CF98D3560A050D7AA5259E9F8544868A35A177D
                                                                                                                                                                                                        SHA-512:AF72677C32033F2DDDF51EA770A80D277C2D0246158ACEA49830B400933BB56CC244E3AE320DAFF9813C41E60C10E7269CEEBA8AA2B1D9F8FEC6F5728819B034
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...........e.'_e.'`F.t.e.'`........a,~1708533543,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/12672553-cb8c-4210-ae02-a59c1a541208.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\C886C15B36E63849FB9E86DCC97456303F590459

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):106
                                                                                                                                                                                                        Entropy (8bit):4.50914332929051
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:fi/lmll/B6H8u/+lljXvX3XDkDKVJ3uDVX8sX3u+llln:aiB0cjXDkw+qsHHl/n
                                                                                                                                                                                                        MD5:0ADE757C481E0592CB930B6A232B12F2
                                                                                                                                                                                                        SHA1:A88C955765544FD5039051F73EA65E89F5CA107E
                                                                                                                                                                                                        SHA-256:0DEEA15211BB829AB5C3D05AB9C55B229415C764624064CC30AF5A27A827B05B
                                                                                                                                                                                                        SHA-512:A1615D480634E32CC98F96BA681DFEEEB936A92513413D24BDE9E44CB1A15B9F83A0D0156B4D3B2A62FF8B8466E22C46ACA6C9519F24761F817E5C4E15FA328C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:P{c.........e.'2e.'2F.t......../....~predictor-origin,:https://accounts.google.com/.predictor::seen.1.....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\C8A0038CBF646EF8976D3F18074D209A1EF6AA80

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8582
                                                                                                                                                                                                        Entropy (8bit):6.095021739782654
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:0QOBwT4gaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdMqadMqA:thJvjaanFhu7oiTaIdasC
                                                                                                                                                                                                        MD5:47830266160E7F9AC32E893BDF9AF569
                                                                                                                                                                                                        SHA1:14C40A0EECADA0B6E7B1929A8F94ECBE9166BEB9
                                                                                                                                                                                                        SHA-256:A04737235A27D88881C24CDB3FF9973958A47D0D37B305FBE8184E82FD37ADDF
                                                                                                                                                                                                        SHA-512:1E916752AB21F4A9C56F4254DBF1DCCE4748D8096D8FD37B73B65496751B7A53CB8371EC5E897DC935F162AA4418FA6D2EE3982C881A7821584C42007A6D64F8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"permissions":{},"data":{"signature":{"ref":"2wyvapgygdnqx2e95kpjamyk8","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"IghkvGveEMvteLqgP9lraDwsqPPCcU-5gEEU5-pIVFKDdlxMZTFjIDPPFuaywi5dp6NwOn4boQe74koTT4o4grI5ip4Jcxct-x0fnc1Enq-GTR-okhCMpCICFXKvAXxz","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"id":"password-rules","last_modified":1708300806966}}D. ...........e.'.e.'.F.tFe.'....q....:https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-rules?_expected=1679600032742.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAXxMIIF7TCCA9WgA

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\CC230D350F313FAE2988A4DBF98AE3240CF50240

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):58859
                                                                                                                                                                                                        Entropy (8bit):5.534488308057188
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:PwrmICQAVmOcKxb07ukcVSJd60tM9DaOedtCIBqmH2qhu7oWa8MCj:ZTwOcg07ukcVSJd60sxe2IBqDoN8MCj
                                                                                                                                                                                                        MD5:98E85A5D2DA39CA43716B8E1F1803560
                                                                                                                                                                                                        SHA1:66587DEF4E78934DF000D27E766639FB8B691255
                                                                                                                                                                                                        SHA-256:8FD8F4F328B38889962D99292A5201386A00AA8BF4F55056BE7081C8B701413D
                                                                                                                                                                                                        SHA-512:8B478DF3A312109C6821C54CDDA9EDF6976F564AC29D7BF6EEE6D94AD622AF3E34512EDD73B2CB933D6F22006D298832E9866A569CEFA29B6DD894DE53693901
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"sort":"domain","schema":{"type":"object","title":"Cookie Banner Rule","required":["domain"],"properties":{"click":{"type":"object","title":"Click","properties":{"hide":{"type":"string","title":"Hide Selector","description":"Query selector for element to hide while handling cookie banner. Defaults to 'presence' selector."},"optIn":{"type":"string","title":"Opt-in Selector","description":"Query selector for opt-in / accept all button"},"optOut":{"type":"string","title":"Opt-out Selector","description":"Query selector for opt-out / reject all button"},"presence":{"type":"string","title":"Presence Selector","description":"Query selector to detect cookie banner element."}},"description":"Rules for detection of the cookie banner and simulated clicks.","dependencies":{"hide":["presence"],"optIn":["presence"],"optOut":["presence"]}},"domain":{"type":"string","title":"Domain","description":"Domain of the site the rule describes."},"cookies":{"type":"object","title":"Cookies","prop

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\CDA62003B1B987A64F1FAC75D1484DBFF94F08FB

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8031
                                                                                                                                                                                                        Entropy (8bit):6.086837611433294
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:SkgaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdsxdsB:ihJvjaanFhu7oiTaIdaK+
                                                                                                                                                                                                        MD5:8E59C1125B313AF54ADA020297BC5721
                                                                                                                                                                                                        SHA1:E9222D564D4F24450EF8E6C00B2EE3FF3A1899B9
                                                                                                                                                                                                        SHA-256:210A67AAC6CFB6D965224ED48D6AF6470C8EE3DA525179DB621152C17A2C5AFA
                                                                                                                                                                                                        SHA-512:17937F66D0B6CED9C0ECDF87D445B4BE8B2114F9432EE7BA376E353416E93B1032469671482037EA4684409B7CBECD2493129E9AFEC4A1A8F81F4EB117E43689
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{},"timestamp":1708523829407,"changes":[{"id":"1611c176-3998-f3df-07b7-c1858138d48b","last_modified":1617030573137,"bucket":"main","collection":"whats-new-panel","host":"firefox.settings.services.mozilla.com"}]}U...s.........e.'Pe.'PF.t.e.'P........:https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=whats-new-panel&bucket=main&_expected=0.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAXxMIIF7TCCA9WgAwIBAgISBFpDlXSABCsegqMcb4clNVchMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEqMCgGA1UECgwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMSowKAYDVQQDDCFUaGUgVW5pdmVyc2UgU2VjdXJpdHkgQ29tcGFueSBMdGQwHhcNMjQwMjIwMTUyNTI5WhcNMjUwMjE5MTUyNTI5WjAmMSQwIgYDVQQDExtyZW1vdGUtc2V0dGluZ3MubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\D059FD0322F695507887307109721C11AAD75FFF

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):113
                                                                                                                                                                                                        Entropy (8bit):4.771667860846028
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:rE0hUd8ullXNWbdUyGLk8rLtPSKVIDIIt:jCEbdOx0KVst
                                                                                                                                                                                                        MD5:9E0C3903789870A222645658E5448BBF
                                                                                                                                                                                                        SHA1:48D56D69E5A5CF95951C7D63A5AF388005EE60AA
                                                                                                                                                                                                        SHA-256:6ABB82744D7FF8914970480490D31722997BBB2850827C652C05E784B3A9EDB8
                                                                                                                                                                                                        SHA-512:3728D595F70CEC6F886C9F4005EF1A79A0DE61F1F958A434B9E198295DA553C55312AD35F77B612B764F716B78F75BC51AC3C249BAA0A08F63EC67CC27BB58BD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.>..........e.'^....F.t........H....:https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip.....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):35420
                                                                                                                                                                                                        Entropy (8bit):5.08636672292605
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:bPtFYceo3KtwnY9nR+eXHxoZ/HJkNTBdHOT5Qhh7veKnt9KZZ:5eo3KtwnY9nR+eXHcHJk/dHOTij75gZ
                                                                                                                                                                                                        MD5:5D74BAF625E4AE7B8C53BC82F5D2D378
                                                                                                                                                                                                        SHA1:7E17E8040F9D5DD5A308002E24F6C41A670DAE3D
                                                                                                                                                                                                        SHA-256:568E106B5108CE624CACE661EBD9CD747EE8B2C679CFFB83809064CC53B88C30
                                                                                                                                                                                                        SHA-512:471D42FDA52B1B6A15B737592BDE85E00C4607E3205670FECD6F73708DB498F26E21629B8B093FE0A204FEB8717F0450981290CF49EF5D0C1B37218B5C2CE5B5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:<!doctype html>.<html>. <head>. <meta charset="utf-8">. <meta http-equiv="Content-Security-Policy" content="default-src 'none'; object-src 'none'; script-src resource: chrome:; connect-src https:; img-src https: data: blob: chrome:; style-src 'unsafe-inline';">. <meta name="color-scheme" content="light dark">. <title data-l10n-id="newtab-page-title"></title>. <link rel="icon" type="image/png" href="chrome://branding/content/icon32.png"/>. <link rel="localization" href="branding/brand.ftl" />. <link rel="localization" href="toolkit/branding/brandings.ftl" />. <link rel="localization" href="browser/newtab/newtab.ftl" />. <link rel="stylesheet" href="chrome://browser/content/contentSearchUI.css" />. <link rel="stylesheet" href="chrome://activity-stream/content/css/activity-stream.css" />. </head>. Cached: Wed, 21 Feb 2024 16:39:45 GMT -->. <body class="activity-stream">. <div id="header-asrouter-container" role="presentation"></div>. <div id="r

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\D571BBAF93D98B1EFDFC94A791C6232B2468BBE5

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):79398
                                                                                                                                                                                                        Entropy (8bit):5.393226731032922
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:WwNUVzjw3BMZSJehg8EsLDkMnCszSYRK6vcmeH2qhu7oWa8e:3UVzjw3BMZSt8VcMn7VTvLLoN8e
                                                                                                                                                                                                        MD5:07041B871A3B20129270829EEA36CCB4
                                                                                                                                                                                                        SHA1:26D560188F90074D9D40BE6F6C00F32C36F36B47
                                                                                                                                                                                                        SHA-256:4CCB35C33CAE875AC7E3C5BCA6A34D9E5D0D5DE572B7BB0A0C26859B4AF54987
                                                                                                                                                                                                        SHA-512:FEADC7EA368C3B2283F9AD9FEA923AED899C7A0C3A257498DBE3932336810E358F8410594CBCF282CFA936242A307463F02FD56F88FC3FD06618624BC2583519
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"sort":"-last_modified","schema":{"type":"object","required":["name","version","fromLang","toLang","fileType"],"properties":{"id":{"type":"string"},"name":{"type":"string","title":"Name","description":"The name of the language model"},"toLang":{"type":"string","title":"To Language","description":"The BCP 47 language tag that will be translated to"},"version":{"type":"number","title":"Version","description":"The version of the model"},"fileType":{"enum":["model","lex","vocab","qualityModel","srcvocab","trgvocab"]},"fromLang":{"type":"string","title":"From Language","description":"The BCP 47 language tag that will be translated from"}}},"signature":{"ref":"6l2fz9kn1itzn2jt8iu1ix6x","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-04-09-14-36-39.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"jjbe2SbJ3p5ZHnh0ZiYZBMuywBKzBDoUpRG3DWgM_wUltcC5nJIm_z2a_geEu-LDTQsgtb_F3Mr1VHZ0t0s_l9UnHlPZMOkLXXHapPnoAG

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\D653C5CAC37C8131A9269F806C2BD86C0FFD85FF

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16726
                                                                                                                                                                                                        Entropy (8bit):6.278711438885654
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:eXk7VqN4mApqN3Xo70tNo+pwPm082nyFz/LQp:eXVApQHkKo+pwPo2N
                                                                                                                                                                                                        MD5:538832E9C810D85BE1D443B318197EC2
                                                                                                                                                                                                        SHA1:6FB32DCBF9A4E47DDCC6438662E32277E1ACCD7B
                                                                                                                                                                                                        SHA-256:FBB5D4BC86DC559F2A78AD2C2716E17642C71D35941255FA84622D16EA505662
                                                                                                                                                                                                        SHA-512:FEC39AA17DA4D9AE0494ABA680F28E407A210F06E2064B8437032E0B4E091A0FF596346E2296D71E61670005085AFC1CA37E97091787B806EA3338EDD6806A0D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:... .6.V.@>..TZv.8I.....~..$b..IR_y..z.BY?...tr.Q.Ogr..1........l....X.SS.-..61.!...6<...a3...w..[o.]..$$.n.u..ba...G...y}.[.Y.*'..N.v..Z;.i..8.<.FV.x.|.................1.i0.n0.B.<.U..:5U...kbp.{N2...p.]......./.....bLs....cd...7.R.......}.....<1.....[].T..Q...4....ub..._.$...W..D&.............d...+!C8~..$@.x....E.)........e....%r..Oz..#I....,..|Xsc.z'=.|....b..i..5.(..m.8k.t...b.R{.mM.5$=Xx.C...P.k..A.:2..](H...xh......w&..x..c.....5..{gL_QV.._.[.3X.~..E....F...'.F".1.Q......<...6.. ..|[...=..UtO...u..~_....,..Y...1/BI.s..A.....)toF..x..@u.YP.l..."a.|$..RlU..xhG..(.W.r5F...P...B..IXb....e...t...*V.PI.z+.......'..."c#.......Ct.sO.~.@.Qf...e......=....Dj....9.Y.0....*..z...l..$9...9...A....aAw...L...~.0....\.I...T.Vk....8..y]..u...H......%..vZ/n.?..<...<.UP.J......:qP.,..X]......k........G..Rh...W!.B.4....9....M!..i2R.y.-..l...LfEa#........E..V.RQI..x ._1B1..<.~.pr&.$...c*.4r.R.*..i.Mi.1n\..vP.%.......8e.Y..!..r.q.3.y...dk....a./.X.~.X....L.......

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\D8F95CC87A432CACE4AEBE1FE9A35D3C8CE61D1E

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SysEx File - Casio
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.043688723454673
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:IMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckkLUcuj:tJvkmV2GnShxN4su3pztscNbZovEpZj
                                                                                                                                                                                                        MD5:73827376058240B3A01AEDC5EE5603AD
                                                                                                                                                                                                        SHA1:80F3832443175E3F2A6B00922EDD5252AD23CF22
                                                                                                                                                                                                        SHA-256:5BAEAE7780AAF1A6B6A5F5A7CB63E38A25A0D7AD7963120209BD87060DDA232A
                                                                                                                                                                                                        SHA-512:225E733B6E88A63AB144709BC67D8AD25F6883DF5EC55FFEC0F7C541F3456327F45FB69441F9DDC728CE7CE26B5BE01F32982AD39550A7DD754820D20E61B667
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.D..........e.'.e.'.F.tCe.'.........a,~1708533559,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/7a27ea16-e265-40c0-823c-0125abf7d855.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\D97B7D6D9D9FD9936BF0C2E83C7DFEF650CED99C

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8047
                                                                                                                                                                                                        Entropy (8bit):6.042990608793827
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:e/MjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckxLUcJ:eoJvkmV2GnShxN4su3pztscNbZovEp+a
                                                                                                                                                                                                        MD5:8786D63ECB9FEDFDADF99EDAE60F7652
                                                                                                                                                                                                        SHA1:E4C65F2BEF287E8517C4510FA429483B540F3043
                                                                                                                                                                                                        SHA-256:206AF682DCDBD285B286740D2C430BB41237B55B1B2AC08DBB1822D6EB8DBCB1
                                                                                                                                                                                                        SHA-512:94FF70E3762B4DCAA880C6D79E911485A2D8BD376D4C92FB88ED66106B4ACE27361CC269254E9814BD3B68BE936AC7B9A40AA4B0E684446CCE5ADD6840A32941
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:B...........e.'ce.'dF.t"e.'d...}....a,~1708533551,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/top-sites/1/054622d9-6ed7-4f25-87fd-b3a9cd668b65.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1aga5kYNd

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\D993DC4A03D06BAA4BF6E42DE4E28BC5FF6D7F0B

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.044185189302419
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:yMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckkLUcuj:3JvkmV2GnShxN4su3pztscNbZovEpZj
                                                                                                                                                                                                        MD5:C8B44DCD8EE7CC496BFE057747E60DE9
                                                                                                                                                                                                        SHA1:0FC73C07900A2BA418DA4B1494976F197D2D90F7
                                                                                                                                                                                                        SHA-256:1B5872233634DFF95C4FC81329B09CD095C7304ED35290A9B9E48AF4D05F3AAE
                                                                                                                                                                                                        SHA-512:AE31F6FAB34145F6D2E56D1B07D9F6837147D7F442264BBD2DE731E6FCDA1AF31252F1AD1008D2CD76AE93EAB8C293D3EF7BA6FA405D91028C07B6F68E724461
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..A.........e.'.e.'.F.tCe.'.........a,~1708533557,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/5e0297e1-aa9b-4634-aaf1-cfd1f718b993.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\DED23BB33EA3C88FAD1C0A1CD53916E0D8C424D3

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):15657
                                                                                                                                                                                                        Entropy (8bit):5.830583397048996
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:63/CCBm4CsBJumwOGmnOqiwpJibAKGb9CqwGJgusYQHJLusYQHJd8jjt8+RZFPPJ:OHPnIwyqwGJgudGJudGItLLC+F
                                                                                                                                                                                                        MD5:649C58CC56979CCE46795D6D91FCAB17
                                                                                                                                                                                                        SHA1:7483AB54E4220AE97D0E20D6CC2A4E5619A23F88
                                                                                                                                                                                                        SHA-256:EF17D91592BCD468D6BDD06AE0A5CD942CD04EA4E7B98DD8FA28438801515813
                                                                                                                                                                                                        SHA-512:44FC53B035E80094B6AEEA07790FE5FD1800A2F8C22C73B19D8619B69E67EB7CBBE9E7BA584AFBA067E06CDEC39D55500E86DBA4B326656490A42B66F6402164
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/...## These messages are used as headings in the recommendation doorhanger..cfr-doorhanger-extension-heading = Recommended Extension.cfr-doorhanger-feature-heading = Recommended Feature..##..cfr-doorhanger-extension-sumo-link =. .tooltiptext = Why am I seeing this..cfr-doorhanger-extension-cancel-button = Not Now. .accesskey = N..cfr-doorhanger-extension-ok-button = Add Now. .accesskey = A..cfr-doorhanger-extension-manage-settings-button = Manage Recommendation Settings. .accesskey = M..cfr-doorhanger-extension-never-show-recommendation = Don.t Show Me This Recommendation. .accesskey = S..cfr-doorhanger-extension-learn-more-link = Learn more..# This string is used on a new line below the add-on name.# Variables:.# $name (String) - Add-on author name.cfr-doorhanger-extension-author =

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\E1689C16E39BD7F1A1C524D6EFAABC500408A44A

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8047
                                                                                                                                                                                                        Entropy (8bit):6.04318061533089
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:wOXHJvkmV2GnShxN4su3pztscNbZovEp+a:x3JvkaVSt4b3lAc7
                                                                                                                                                                                                        MD5:E643A9F3C3ABA872A6274F263185F659
                                                                                                                                                                                                        SHA1:EAAAD9DB4FABE78F05E29F7F9FE26B5E5C242F61
                                                                                                                                                                                                        SHA-256:18FD6981F6A4ADBF154C3C390E22B8D85EBF42456C8764D85E6530DB1B41FA4E
                                                                                                                                                                                                        SHA-512:DE8881F62E2514012C8B52A5A8D222956D40AB93EC7FEE59D5FEFDEA3E79F84FFE17AE4E7EB67744911E92619990578FFA4B730E78E75C912A826AF85B75570C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:s...........e.'de.'dF.t"e.'d...}....a,~1708533552,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/top-sites/1/59bd13a9-8183-4ac7-8723-9621ae6d3748.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1aga5kYNd

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\E223FDB048800270A7C9D21E1C9A73119EA92BA1

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8044
                                                                                                                                                                                                        Entropy (8bit):6.0441488179502585
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:dJvkmV2GnShxN4su3pztscNbZov0pNONq:dJvkaVSt4b3lAsPgq
                                                                                                                                                                                                        MD5:EFC43C72EDD8A8A70988CC5DBE4317B2
                                                                                                                                                                                                        SHA1:C6613B47295C521BBEDE186EA0D2A5B535415A7C
                                                                                                                                                                                                        SHA-256:757DD3781D6DD5A1E4CC891729A3E0B78647145DB67B43BEAE629595DB054B25
                                                                                                                                                                                                        SHA-512:780BF1C87A3090C3C393F39581E299E23811A1F943A9AF6DA1C5733C24878576418AFFAA697DD36553B6343C6121EC45A009053A4F2C4D608810C98B81F3738A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.'.P........e.'\e.'^F.t.e.'^...z....a,~1708533538,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/3e6f0371-71b6-4f22-a51b-cd59a6a2f8d6.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1aga5kYNd65Z

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\E2E2DB2F02258A8F9FEF833AA106B9511B475D18

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8714
                                                                                                                                                                                                        Entropy (8bit):6.102481204473544
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:vBtgaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWd+FLd+FL:khJvjaanFhu7oiTaIdaEQ
                                                                                                                                                                                                        MD5:5B6856C386B932EE3B114975497B9735
                                                                                                                                                                                                        SHA1:96AFAD7216F049536CCF5AB0F9DBC40325A61DA4
                                                                                                                                                                                                        SHA-256:3BF89E65A4F42A8B473DF04D4AFFB5010847E394BC93DBB0B2B4E9964FCD0BAE
                                                                                                                                                                                                        SHA-512:E99E3FBDA205528D70BCAB38642F17760EE86D07049EC7BA6F2331F2CB21FBB7B12D7EF152B288859DDC4F787D99CE9D426B7099D03C12D5C3518021EB1D9D42
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"permissions":{},"data":{"signature":{"ref":"17rulcxfyfmye2typue5j0afwb","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"jvmCnaV-W5c0Ffu4qd7mmb0sfSdZnBJQpcd7oBEKQODSbQ3jJ_ttzwzPvvCvUSdD8-2CQb5Z8v2KADBLNw184G2726eiq6ljNVRl5LZTkDCDht7hU47hJr1eNkJk_-Dg","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"attachment":{"enabled":false,"required":false},"displayFields":["thirdPartyId","overridesId"],"id":"search-default-override-allowlist","last_modified":1708041621125}}..3...........e.'.e.'.F.tJe.'.........:https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-default-override-allowlist?_expected=1595254618540.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAA

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:PEM certificate
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12981
                                                                                                                                                                                                        Entropy (8bit):6.042335320884355
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:HcSpnvPcN9O/kqz51CcOm4pOqsqwJLvcs2cPLcs2cPn8jjt8+RZFPPQ1Pi3XiNs:H3vPu9fiGLm4pU3cncPLcncPUtL2VAH
                                                                                                                                                                                                        MD5:80AD1A496424D73CD77732973B34BC9A
                                                                                                                                                                                                        SHA1:FFDB3A390D3679ACB66DCA07FC0F7942FB3879FC
                                                                                                                                                                                                        SHA-256:204580AE117CB485840B86488408346D6D34AC597015193EB619912318327038
                                                                                                                                                                                                        SHA-512:A7468CD0A49071502F1ED10B5D0FB3776E554EF5D934BD38099139608021E46B3C0FD43BE61CFCF5124DF69783344FE0D35221F1FDD80DC871EFA3EFED8EC2C1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:-----BEGIN CERTIFICATE-----.MIIDBTCCAougAwIBAgIIF7VKXYI9wGUwCgYIKoZIzj0EAwMwgaMxCzAJBgNVBAYT.AlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3pp.bGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTFFMEMGA1UEAww8Q29u.dGVudCBTaWduaW5nIEludGVybWVkaWF0ZS9lbWFpbEFkZHJlc3M9Zm94c2VjQG1v.emlsbGEuY29tMB4XDTI0MDEyMDE0MzYzOVoXDTI0MDQwOTE0MzYzOVowgakxCzAJ.BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFp.biBWaWV3MRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMRcwFQYDVQQLEw5D.bG91ZCBTZXJ2aWNlczE2MDQGA1UEAxMtcmVtb3RlLXNldHRpbmdzLmNvbnRlbnQt.c2lnbmF0dXJlLm1vemlsbGEub3JnMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEwsfT.f5S2a2sekbOGwvfp1fzj+EX015Cbp8qoECAsPf3bIiOUBcpsPNrqE7CwENuT9M56.G330NauFdbZuhlUOBbOWisNkg7ytb5xloJUDSUNPtm+vMLaNp+RQO9COPvWlo4GD.MIGAMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAfBgNVHSME.GDAWgBSgHUoXT4zCKzVF8WPx2nBwp8744TA4BgNVHREEMTAvgi1yZW1vdGUtc2V0.dGluZ3MuY29udGVudC1zaWduYXR1cmUubW96aWxsYS5vcmcwCgYIKoZIzj0EAwMD.aAAwZQIxALkbKiC7VVovqH1uVcJu148tAltkdzAw7zHe7iqd0PzbYKoDceWJcH

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\E8D08DAD0FB6E27145709A42880F6C81F3BE873A

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12052
                                                                                                                                                                                                        Entropy (8bit):6.016842432029047
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:YKCJy5JIJ6stInknB9JssJ9ZJ9eJHlJ9OJy9xZgaQJvjmVPnZQyaF+y/GO6oifbV:YKCe6IRcj5+Tuax6hJvjaanFhu7oiTai
                                                                                                                                                                                                        MD5:97199D6F0502E1AFF8A5EDAA196AF24D
                                                                                                                                                                                                        SHA1:6443693D09C224E8F599D3D47431E460035AF280
                                                                                                                                                                                                        SHA-256:52EC0E22CCE62E47D8313221146AD48024BE01EDB38EFEFA85F46B38E612134D
                                                                                                                                                                                                        SHA-512:049B9E159B712CA77CDFCB3B1805192156A2D745AC7E2D7EA31793DDAA0B5A11CBE9856D57DDFE2838025C9DFF069522CDF756ADD1C3C4A67080E49F64E12D65
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"sort":"-last_modified","schema":{"$id":"http://example.com/example.json","type":"object","title":"The root schema","$schema":"http://json-schema.org/draft-07/schema","default":{},"examples":[{"id":"US","providers":"cloudflare-global, nextdns-global","rolloutEnabled":true,"steeringEnabled":true,"steeringProviders":"comcast-US","autoDefaultEnabled":false,"autoDefaultProviders":""}],"required":["id","rolloutEnabled","steeringEnabled","autoDefaultEnabled"],"properties":{"id":{"$id":"#/properties/id","type":"string","title":"Region ID","default":"","examples":["US"],"description":"An identifier for the region compatible with Region.jsm"},"providers":{"$id":"#/properties/providers","type":"string","title":"Regional providers","default":"","examples":["foo, bar"],"description":"Comma-separated list of provider identifiers, referencing doh-providers collection"},"rolloutEnabled":{"$id":"#/properties/rolloutEnabled","type":"boolean","title":"Enable rollout in this region","default

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\F62E86A38A88FC9B7F09DB5028F42A3A65D138C4

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.043859568457158
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:rMjxbI2czmgQX2GnS1Vdg+BGsVQRipyTgdIffpA8tsxMbm5uZGebZovEckHLUcuo:EJvkmV2GnShxN4su3pztscNbZovEpso
                                                                                                                                                                                                        MD5:A5857EF3431CFB2F1A04602426516842
                                                                                                                                                                                                        SHA1:7F279852EBFB86BAB6B8DA72B2F6B7CD7AE44467
                                                                                                                                                                                                        SHA-256:4251E9CAEED705AB2FAAEC41657F3E64362F6E836C9EA9A53671A5F31546C458
                                                                                                                                                                                                        SHA-512:960C77F35472C9A0C9AF91C71ADCDF5D332E58B699B679EAFCA09CEF54852512F9C0D7436AB2DA612E960E5B28D9B01D82ABF1C4D10895D4C2DBE09299A9FA3A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.k..........e.'.e.'.F.tBe.'.........a,~1708533556,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/7f0194d6-62d6-4174-a7ed-55ebc13aacb4.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\F70837499B890A8D3B5C5907DA600AE3DEF49903

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9760
                                                                                                                                                                                                        Entropy (8bit):6.108085727430933
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:dDMwBNPcpFRZ8gaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWd2+Xd2+e:dAWKhJvjaanFhu7oiTaIdarQ
                                                                                                                                                                                                        MD5:995567CB18F771F0C02AD2F9D7D59481
                                                                                                                                                                                                        SHA1:B2435DCA341FCD8576DEF26FB11290275D280273
                                                                                                                                                                                                        SHA-256:9456B52B11D2A38CAB21E415982C297A5107AE472AD40F57681B4CAD490D6A66
                                                                                                                                                                                                        SHA-512:9AF1B4F2ACB60A9C0E8D9DA7BA469BBBAAD5FF6807CAAEBF0213E4EEB2CA95665EAF0D9BCB3FC1BB803F827A131E6BC5BD16017C18DE39569090311A0CB5B857
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"sort":"-last_modified","schema":{"type":"object","required":["name","release","revision","license"],"properties":{"id":{"type":"string"},"name":{"type":"string","title":"Name","description":"The name of the project, e.g. bergamot-translator"},"license":{"type":"string","title":"License","description":"The license of the wasm, as a https://spdx.org/licenses/"},"release":{"type":"string","title":"Release","description":"The human readable identifier for the release. e.g. v0.4.4"},"revision":{"type":"string","title":"Revision","description":"The commit hash for the project that generated the wasm."}}},"signature":{"ref":"3at5mbgf5mqwf24mrmz042ti7m","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"1Pi8xGXAsMvLuO7UKugWW97kiqikykcWXBpsk_OypNCwN1ZvMjkE_SDnmOWcPlFWPeV_H0bquFzJrzXTu-vtAHtcH6YQCktkbqDHxS6zmCN6MeiPrhPZ7uFPHv2EsFGM","signer_id

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8559
                                                                                                                                                                                                        Entropy (8bit):6.086701625523207
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:QTuVgaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdCPdCm:QTuGhJvjaanFhu7oiTaIda6T
                                                                                                                                                                                                        MD5:99B673EA92F05896D3B6F504F27DC381
                                                                                                                                                                                                        SHA1:9C74EB8EE48F0805BAD0528124CFC6BBA6913447
                                                                                                                                                                                                        SHA-256:D9FD304241FC3B7FB8572588B9965A16C13566DD3C2E7E5F76B615AB6EC97E0A
                                                                                                                                                                                                        SHA-512:A51F471F459FA662C983F60F862ED3F1F90AF86697BE9D30E3F4F79623DAB78DD311E7E81FABCB29666B08B50FFF48574081566AF510005C094BCD35DE96B95D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"project_name":"Remote Settings PROD","project_version":"18.0.0","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"explicit_permissions":false,"batch_max_requests":25,"readonly":true},"capabilities":{"changes":{"description":"Track modifications of records in Kinto and store the collection timestamps into a specific bucket and collection.","url":"http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changes","version":"32.0.3","collections":["/buckets/blocklists","/buckets/blocklists-preview","/buckets/main","/buckets/main-preview","/buckets/security-state","/buckets/security-state-preview"]},"attachments":{"description":"Add file attachments to records","url":"https://github.com/Kinto/kinto-attachment/","version":"6.4.0","base_url":"https://firefox-settings-attachments.cdn.mozilla.net/"}}}ZN..|5............e.'`F.t e.'`...2....:https://firefox.settin

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\FBC218B2B9D2028FFAD146D161E1985012F0CA24

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8054
                                                                                                                                                                                                        Entropy (8bit):6.046164003546821
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:kPTJvkmV2GnShxN4su3pztscNbZovEpau:AJvkaVSt4b3lAc7
                                                                                                                                                                                                        MD5:92A588415F456FAB06FBBD95596A8A11
                                                                                                                                                                                                        SHA1:F3BF6CF9191835C67209A1A0EC5C9BF7516920F0
                                                                                                                                                                                                        SHA-256:48D9A9102C9E97C80CF6702D874FFE87BC54305F7F7AABE86F0A54253C32A3DC
                                                                                                                                                                                                        SHA-512:B32AD0E9115DE6275BD9D4B28E0F43B8E3BEF0A0DB25A344DF27DE38BB373CA08A6D815D460703E391B15B1BBF3483F9C7822EA868FCCC4A5E076590C5931713
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...........e.'`e.'`F.t.e.'`........a,~1708533544,:https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/01e461df-d85d-4561-a852-205de2d67f32.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAX1MIIF8TCCA9mgAwIBAgIQAeBji5rfnEKbkKRvr4s0tzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xKjAoBgNVBAoMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDEqMCgGA1UEAwwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMB4XDTI0MDIyMDE1MjU1MFoXDTI1MDIxOTE1MjU1MFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMScwJQYDVQQDEx5pbmNvbWluZy50ZWxlbWV0cnkubW96aWxsYS5vcmcwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCraapm+fb8ejaLzja6pieouKlh5GIv26JcCz+KGzAoTI7eHm0l7BWFV2o1VXaiguctHUcwv22pPCOQyYKhpWwVqAZF7hdKgwzyJGhesSAPt17+60wxx0u1yugbLq93P1a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\FE1F5B94E735CF25E43C634E82ECB06C772BE012

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):7044
                                                                                                                                                                                                        Entropy (8bit):6.036583620706775
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:ibMdhFHFXMcq06AUfJ3CFdhFHFXMcq06AUfJ3C4ehQgMxFJz48t8QkciiZFPPnni:pFHFXKKFHFXKu8jjt8+RZFPPqYCR
                                                                                                                                                                                                        MD5:1010B589F99234659AD7E17B1617EC81
                                                                                                                                                                                                        SHA1:0AFB4E3F6AF89AD7C21843C6F3D97C17FF570F3D
                                                                                                                                                                                                        SHA-256:1A9F06107BA7F04E57F103BBFA15E0C987762ABB051586840E0203CDF913C172
                                                                                                                                                                                                        SHA-512:6344E694CCACC9F9663E022166C03243A95F3846044A7935758E429357338933D5D48300F2DD79DA15910988436158C81D26C3D533413A3C30CB3222265D6950
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..6.........e.'.e.'.F.t\e.'....J....O^partitionKey=%28https%2Cyoutube.com%29,:https://i.ytimg.com/generate_204.necko:classified.1.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAW9MIIFuTCCA6GgAwIBAgIRAJEGaeSZHqW6EGgobYsmOGswDQYJKoZIhvcNAQELBQAwgZIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMSowKAYDVQQKDCFUaGUgVW5pdmVyc2UgU2VjdXJpdHkgQ29tcGFueSBMdGQxKjAoBgNVBAMMIVRoZSBVbml2ZXJzZSBTZWN1cml0eSBDb21wYW55IEx0ZDAeFw0yNDAyMjAxNTI0MjhaFw0yNTAyMTkxNTI0MjhaMBkxFzAVBgNVBAMTDmVkZ2VzdGF0aWMuY29tMIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAq2mqZvn2/Ho2i842uqYnqLipYeRiL9uiXAs/ihswKEyO3h5tJewVhVdqNVV2ooLnLR1HML9tqTwjkMmCoaVsFagGRe4XSoMM8iRoXrEgD7de/utMMcdLtcroGy6vdz9WoGuZGDXeuWVdmBi/AYRXnW+1BGBuIaYP99U35J86T95fSLr8m+kGNtg6IKjEvzjU7Igc2MRoqt6yvs1CA3FPhxnXdx8RkkPN8NlIwm8Dmw4v5ukUnYxjw4GMzeNQgpdgz5UJEME0/9WszLk9ydJs8ANyGkrjGd5cNwteF3x6ADptnbvc/Q

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries\FF63A96CB0EE05C4E8600CAFADA617EBA0BAB35D

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):8469
                                                                                                                                                                                                        Entropy (8bit):6.0949810914920315
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:CJBKgaQJvjmVPnZQyaF+y/GO6oifbaI8j3qWdWwudWwo:CnhJvjaanFhu7oiTaIdaec
                                                                                                                                                                                                        MD5:6386AB891548EE0FE29CBDA2F938F11B
                                                                                                                                                                                                        SHA1:0BC5CC67D6DEE3885C3A2858CFAA0A31155969FB
                                                                                                                                                                                                        SHA-256:1468899A6E2A5AC245B7578B57640CF1167A475A8AC64D033AF30A550FB7D64B
                                                                                                                                                                                                        SHA-512:AB6D0A446F1E6989426BC39C8FA526C7E408B72230C2F1B6FDBC91CE012B840731B3D8927086779D78BF24D86EBF2768D2B43F02C770609A35C121280D14C819
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"metadata":{"signature":{"ref":"3mux35atu4q1r31amsa077uwdp","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-03-20-10-07-03.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"Qq-aHBMyC6UJ-LIOMOWYHD7cWb3ufrDqPeFla-hPsdkYKb3J4euPyYiktc6IC2iql1vOcAjFI6nUNS6TXPFQCUqLYiHKtZ1phbIq3GkqgV-DrrcZwfONqVQdweBL6Muo","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9/8sqFZ+dU3XKZO6K+T1Ez9wiWI18wv2atOP1JBioLK9RDzM+2lP3hcnmkdKPoF54BBcrrUruEYcLg7gsw2EWoqGzqOXmUVf5aDVfUHQxV8aW4x3H/oT0qGFXgDFHb+t"},"id":"whats-new-panel","last_modified":1708041615495},"timestamp":1617030573137,"changes":[]}\....m........e.'Re.'\F.t.e.'\...|....:https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/whats-new-panel/changeset?_expected=1617030573137.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAOQFmCjImkVxP+7sgiYWmMt8FvcOXml

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsing-updating\google4\goog-badbinurl-proto.metadata

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):67
                                                                                                                                                                                                        Entropy (8bit):5.483707847045025
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:219+OY1flhLgMpzV5Ln:2+rWGZV
                                                                                                                                                                                                        MD5:822D705809300DED00223B000DF2DA65
                                                                                                                                                                                                        SHA1:9A376EFF2B774CC4B303C7DB27C27A4E6F1E82DA
                                                                                                                                                                                                        SHA-256:C272CEA47C9DB00809880E936A94F3FEE72AC0BEE3C93F0274557C43B40FFFC2
                                                                                                                                                                                                        SHA-512:36B20E0978603AFBD1215A6BC6EE9999812E5EE6EA937DC56331E18911EB3774333F5C46DE384E7F44D5F82358401BDB583001CA0393678D58613B9AB752154B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:............".0010..........Y. ...D..w.j.}......q.f...l....&h.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsing-updating\google4\goog-badbinurl-proto.vlpset

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):582764
                                                                                                                                                                                                        Entropy (8bit):7.702013019096078
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:rlUWBl9d2Q6V9VENIS4xLO6QxQQfYwo1uMhOBm2ccA2:rlfTdWfVEwFOnxQQfYbBhOBmTl
                                                                                                                                                                                                        MD5:0E5B9A02A0F632AB8E2C0C79638A391B
                                                                                                                                                                                                        SHA1:DA521FE20C4520F0D4AFE2DC83F6A03C294D448B
                                                                                                                                                                                                        SHA-256:58213F49BB1AF85D474FAC31C07C4301C3F4C3C1D09BAED45D0237851CCF9805
                                                                                                                                                                                                        SHA-512:DC4520A5D3EA0414DE72F613F8D9AC3E9C457E054F0D8DE3D8064706855D9F0850F74D231620BD60D670C70D2E07AC7E8E830E94C656F9F7184E454666526742
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:....5J.6........r....'..eM............ ..B+.......:...<.7.S.Xza.ICz.....Ng........+...M%...f..p......../......t.....>...J.\\N.&"T.\.l...z.Z.}.<[~.....<......=...T.........@..K....~..@...z....2..T.'.>.@..TC...F.W.M.~Ta.y#l............+...`...|..p...6...........I...........\o..-Z&.H.7.l.G..J..'f..nj..{u......E.........a....>..&...@q............%...2..#6...<.L.F..1I...]..._...j.Ymq......}..ho...x.....5...2~.......B...G...$..f...,1..[.......c....n......w]+.g.4.dQM...e...h.$.j..=t.@+..nh..e........j...S..u...t..]....{......,...s...i........@..3./.C.:.F.C.V.W...a...h.H.i.j.v..X|....P..........8.......3........@..Rr...&..{0...?...A..>G..P.W+S...Z..f...h...l.u0z.....>l......j*..6J...7..v....4..%....S...P..........)...{.......`.2..>;.t*L..`N.c.Q..~l.........A......z.......\..g...m...Z...&........&...+...7..r@.0 R.ug_...e.K!u.....K=......."......a...+X...p..[u..1....I...!...#..x.#...?.}.\.#.c.PVp.u...%....u......R8.............u?......d....4..Jr..R....u..|...KM"..&...).

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsing-updating\google4\goog-downloadwhite-proto.metadata

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):65
                                                                                                                                                                                                        Entropy (8bit):5.471991851323575
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:2oe1BkHmV+OQldFtwzrLmhmk9bqKvn:GoGcvFqbQmZKvn
                                                                                                                                                                                                        MD5:15C0B0BFEA856B034E053BDCAA086411
                                                                                                                                                                                                        SHA1:29FAB2523FB2374F07F0D00D892EC60BFDA2C4CF
                                                                                                                                                                                                        SHA-256:7D553B1C4DA02987C2CA0327A25901AA4771B654A11E49AFC58FBC8875873D7E
                                                                                                                                                                                                        SHA-512:3C082ED1903F074D83FE4F341A61099D4547C36DAADB880CACD2F11A387B4765EA111230BD215ED3947DA148B78B669DE5B1293626DD4E1DD8B15B2A48B29560
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:............".0010..#....;.,. .....bm..nC.{PL.........^..}[...9.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsing-updating\google4\goog-downloadwhite-proto.vlpset

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):37349
                                                                                                                                                                                                        Entropy (8bit):7.995016769808263
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:768:wz0fu1txSrQIXZ4cWSDNjvMflwbnmVDMaKYHXeHL/h/:wQfuTEp4XIzuAg3e1
                                                                                                                                                                                                        MD5:CF3989ADA19750F5BBD46BC8ADAFFB7A
                                                                                                                                                                                                        SHA1:0708F2ECB06362EAAC117090E4C8BE323922EF03
                                                                                                                                                                                                        SHA-256:C9C80D8B5B9464FD22E1C8B84BB80792FCFE69FA56F52F7B491E7FCB6DA6C8F4
                                                                                                                                                                                                        SHA-512:90E9D108A2A645DC1B97A26C225695C1DB7572E94F88E952E122B44731BA5CC59882EE97F3F2E0489ADA295942212F13436ACA56612A6FE5FAF5284FB3AE02FE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:....5J.6.................... ........Nt.*HO5..*... ..UM..7<.............~.'.....V.W..;B.........R..Cl.&/ZM....L...n..9.k.7<..ST....Fv.^}@/3w1@..U...wWG.(.....V....(' .J...w....&1.D......n.&|.J=.......=...`H.l..G......... ..R..P.wS6.....\.D.<.....2..zH.dL...i.W..2.......%...2p..j<q......I..M..H*.O_.i...p....B..)..m..Oty}...`.f.l.4.^...%i..d.lZ.$<R.W...J......j.....a..g ,G".1...~.>.x.....7....J..@!t=..b..Q....;..l%8|.n.......2z.%..;..3J.;..S...VV..[.........%,....Yw...{`X..,._........,..V}v%G....D.B...)O....m_.....J...`.6..._B]..;....?.$@v....9.fd.ee.O.O.e..L..5[..?....?..y.%..g....~8.B..p!.$.U..Af..F...mu...(....D..!0].A..l59,.........90.....(.E].\z......Y....aa...T...QI{(....R.<....u...b.cQ.iJ].....mh.u@..G..D.|FLz./d=...U.K.p.}.9.U|Ib...(n.y._..9.d....OC.....b..C.A|.8...\,..s....L.`f.....e....g....C^2.....:...V.../J....c..fPB&.t.....4.T.aq...!L..u..A.....Q..BwWi..Xd..`+..'....z_.[.......,....b.z9.[......O&.1%.7r..=}.*....c.5.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsing-updating\google4\goog-malware-proto.metadata

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):67
                                                                                                                                                                                                        Entropy (8bit):5.40147239921925
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:w19+O06rK9UoSivNmD:w+n599SiA
                                                                                                                                                                                                        MD5:A5A5900BAD38C98040AA9240BD803399
                                                                                                                                                                                                        SHA1:A037191CA000A56FE79961F93E36DDB15645CA1F
                                                                                                                                                                                                        SHA-256:47EE942DF6DDEBCE6112E5850C3E18014DC40684807D6422C7EDDE798B74F3CB
                                                                                                                                                                                                        SHA-512:85F7347685558469F9432EDCCC7EC6A2360DDB7125C7788DC5F595CDC0B46DD979A05FA390450821E8DED8982E5A457D72666E3D063FFD4BD451137FE8497C55
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:............".0010............. ...*.N!\.=K!..!...p.M..T.....{~.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsing-updating\google4\goog-malware-proto.vlpset

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):229052
                                                                                                                                                                                                        Entropy (8bit):7.999178115809793
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:6144:uWRzPkyl5GgWivYLKeuNvRjs2uVcFw8+eU9fMPU9UdG:Z6gzcYv9s2uuFEekfm4
                                                                                                                                                                                                        MD5:47631E94E040DD3E7BDFBF783D33CAB6
                                                                                                                                                                                                        SHA1:4D16A12D3E6C1D544212F4C0DFA7E829A636A561
                                                                                                                                                                                                        SHA-256:AB22D372D615710585E2C1F50230E3D5B510BBB4C2931377956D3EE734AD8B62
                                                                                                                                                                                                        SHA-512:77FD94513A7DD8773873C30DFD0914FBB1B7B0A4486BF20E9BDAF744423ED77B79B71EB385A3E207831F4EA49F5424A84AC0FCFC86A38D2900934BB82D8F2A32
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:....5J.6.......................\...P........2...<..p............<...b..)...MT............./............-..n.......@...........a.....".Z9$.$1%...'..{'...'..d(..(.o*)...*..4/...0...2.*.2.[.2..C3...3.n07...7...:...;.V.<..9=..>.1.>.. ?.8p@.x.A..A...A...B.&.B.. C.7.D...D..vG.k.G..DH..H.K.J...K..xK.J.L...N...P..hP.n.R.z.S..:T..T.U.V.6.X.Q.Y...Z..[.a.[...\.w.\..R^.)Y^.3.^...b...c.C.e..:f...f.c.g...i...i...i...j.%9j.O.j.R.r.n.s..+t...t.,.u...u..%x..6}.BQ}...~.....0^..(r...*.......P+..hj...L...A..(....'...L.......... ..n......5...,...K+.....c...7a...g........g...v..\.............(K.....X...).........AT..Ho...3../..%..D...rS...&......7.. ......O,..J=.......6......4....}.....\...N...@...Q....@..K....#...m...o..........bp.......&...............,.......K...W.......u..<...'....0..f.......I(...b..G........$...y..H..........\S...Y..-|................q...{>...Y..er....../L...U.......e.......n..g...n....J...\...1.....wv.......9...g..p...u....E...........+...........8......

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsing-updating\google4\goog-phish-proto.metadata

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):67
                                                                                                                                                                                                        Entropy (8bit):5.5135585933136815
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:01j5+Ob8Fs7FaIUFj50Q1O6mz:0+VFs7ITTLE
                                                                                                                                                                                                        MD5:AD332F22BCE0118D4C4174DA47E81473
                                                                                                                                                                                                        SHA1:12E510CBE54D2E03FEAC463AD5E9E283769697B6
                                                                                                                                                                                                        SHA-256:AD820AC5506DEC321E498DBDBA53F93FCA897BF2ECD1B08D2A5CC08EF0BBE36B
                                                                                                                                                                                                        SHA-512:B638EE0697261A457010DB05C9ECDB60A0D69BE8E8FDC5BF9403E136043C1731A9B03229BDA9738D029DB882C549A1FFD454912E08ADD3B1B7F539D9034677DD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:............".0010............. ...p.'m.UP...A.....:....(MT{......

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsing-updating\google4\goog-phish-proto.vlpset

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):12636370
                                                                                                                                                                                                        Entropy (8bit):6.302368314921651
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:196608:vdkXdi+VSGBGk+ZFHsHIVcns/A7xhII2eUo:vKMsBYfMHKrA7wxG
                                                                                                                                                                                                        MD5:7CD0BADE1EFD7098F970BD70678DEF42
                                                                                                                                                                                                        SHA1:53E5AC49BFABA113BFE0D52C98FBED86EA205AF3
                                                                                                                                                                                                        SHA-256:9D0E69116A1C67CD636DF84A15672723D2D0CCC168FC4BD3918A70F3F21C886A
                                                                                                                                                                                                        SHA-512:2F3B926A4A19FC49BAB6893C68CD7DBB42B4DDDDDAE81BDC32FEEF6D252D9FC50B843D87CAFE6811DB86E2167713722B6CC5EE02A0192B9A7894FF4D050F93A9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:....5J.6..........[......w......8...SE..r~..,...y....c......#....L....................f....Q..........}P.........";...n .4.!..."..A$...%.i.&.<.(..y)...*...,..\-.H...m,0...1...2...4.Y75.F.6.,.7...9..J:..;...<.e<>..?.C.A..gB...C.S.E..CF...G...H...J.eqK..L...M...N..8P...Q.c/S..gT...U...V.LOX...Y...Z..9\..t].4.^..._...a..eb...c.9.e..sf...g.J.h...j..|k.b.l...n.._o.s.p.!.q..*s.7vt...u...w.F.x..:z..s{.Q.|.1.}..U......./.._f.....a...-\..`........T......=$...w..,........|.......c..L...+..........W..4........j.........5..e.......e......6....l....y........m.....$'...n......t..../.........u[.....r...........<....l......E....M......'...`............L..........N&...e..Q...B...T1..f...m.......T.......EL...d...............2..U...)...b...l....8...o..G....3...}......uc......m...Cd..h..."#...b..........:.....y....K......^...>6...S..q...%....^..}....#...~...........f...........\...............4!...".-.$..q%...&.?.(...)...*..",..S-.......0..a1...2...4.<.5...6..U8..9...;.@?<..y=.?.>...?.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsing-updating\google4\goog-unwanted-proto.metadata

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):67
                                                                                                                                                                                                        Entropy (8bit):5.494974824689256
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:y1BkHi+O193sllz9OzWGyn3cAFZMN:yoT//QynsAFg
                                                                                                                                                                                                        MD5:52BA7231FB040969E93A119E7E3CB5D8
                                                                                                                                                                                                        SHA1:40CCD1DF040FB29DED91E13E8B7302E9170DED9F
                                                                                                                                                                                                        SHA-256:E72E996EA8712AAC74AE9A00300F84E7B4CFCF77B6B7986389F1B6FFF6578FC6
                                                                                                                                                                                                        SHA-512:68EF99AB20C704FEB6CC6FBB35895D4E2560419422D38CE48C8B458DFA656CA474254B82ECDE8A7C706F0D1C1D8B038546809076B3E9642ABD6D3C8D6462F600
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:............".0010........./u.t ......k.r.s.c.G.|..yX.. ...)..m.E

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsing-updating\google4\goog-unwanted-proto.vlpset

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):542232
                                                                                                                                                                                                        Entropy (8bit):7.660783188997593
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:J59pbNlrFOhG/Mj2BgABMId5TgBQ7+f49Ty8X5XZC3SYm8Z:37bNlrFOh4a2BwTZ8XsSP
                                                                                                                                                                                                        MD5:75F7770867DEE79C5F7608356BD6BE68
                                                                                                                                                                                                        SHA1:96EFA685332231B39CFF9FBE9B319A8B373727C5
                                                                                                                                                                                                        SHA-256:85596B449BE50E74CB4DFDF611EE37A29B173C726A17073862637E3A3B90764B
                                                                                                                                                                                                        SHA-512:90E4D51ED1834BD7AE15A3AB229C29F89C64F4501F56850D577D5441FD46C8D63173B0229CFE60CB0A74C5D817C34E7DD39855A1FF11802545D7E86F2D9520C6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:....5J.6........4.......tc..0...P_...0..W.).G.,.W.1..5..*<...?...M..kS..%`...a..Lf..eo..]z...}.{R.........@C.........k..5v..U..AO...M.......?...9...]...=..5...........y............M$...0...1..Q=...?..BE...J..BP.j.U...b.I.k. `l..^q.'{t...y......$..(^...F..................'................Q...A..$.7...<.[.B..zK..6R...h...m..bv........*......+..........]%...X...P..f...>....Z.......!..%...:..ZA...I...M.Q.O...Q..?m.0.p...y..*..sx...W......I...........r....6..........F...A....h..a........N..T.......#........."...6...9..9@...O.".U...q.-.......Q......P....,..^..>`......a.......S;...M.......C......,...@...=v!.v.%...'...3...O..AV...b.0.q..fs.qEy.....@a.....80..\..Kj......2.......'7...:.......b..M........."...%...;...?.$<N...W...\.A.g...t..(...)...............7.....,.......#...k..}...7............'..|.......v....r.......*......Q....(....$...(..zB...C...F..We..{s..q......q..!T......._..K..............................S...L.$..&.?27..2O.N@R._,T..aZ.sA].FRl..u..p..w....d......

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):7581
                                                                                                                                                                                                        Entropy (8bit):4.764879972898958
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:63/CCBm4CsBJumwOGmnOqiwpJibAKGb9CqwGV:OHPnIwyqwGV
                                                                                                                                                                                                        MD5:C460716B62456449360B23CF5663F275
                                                                                                                                                                                                        SHA1:06573A83D88286153066BAE7062CC9300E567D92
                                                                                                                                                                                                        SHA-256:0EC0F16F92D876A9C1140D4C11E2B346A9292984D9A854360E54E99FDCD99CC0
                                                                                                                                                                                                        SHA-512:476BC3A333AACE4C75D9A971EF202D5889561E10D237792CA89F8D379280262CE98CF3D4728460696F8D7FF429A508237764BF4A9CCB59FD615AEE07BDCADF30
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/...## These messages are used as headings in the recommendation doorhanger..cfr-doorhanger-extension-heading = Recommended Extension.cfr-doorhanger-feature-heading = Recommended Feature..##..cfr-doorhanger-extension-sumo-link =. .tooltiptext = Why am I seeing this..cfr-doorhanger-extension-cancel-button = Not Now. .accesskey = N..cfr-doorhanger-extension-ok-button = Add Now. .accesskey = A..cfr-doorhanger-extension-manage-settings-button = Manage Recommendation Settings. .accesskey = M..cfr-doorhanger-extension-never-show-recommendation = Don.t Show Me This Recommendation. .accesskey = S..cfr-doorhanger-extension-learn-more-link = Learn more..# This string is used on a new line below the add-on name.# Variables:.# $name (String) - Add-on author name.cfr-doorhanger-extension-author =

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):7581
                                                                                                                                                                                                        Entropy (8bit):4.764879972898958
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:63/CCBm4CsBJumwOGmnOqiwpJibAKGb9CqwGV:OHPnIwyqwGV
                                                                                                                                                                                                        MD5:C460716B62456449360B23CF5663F275
                                                                                                                                                                                                        SHA1:06573A83D88286153066BAE7062CC9300E567D92
                                                                                                                                                                                                        SHA-256:0EC0F16F92D876A9C1140D4C11E2B346A9292984D9A854360E54E99FDCD99CC0
                                                                                                                                                                                                        SHA-512:476BC3A333AACE4C75D9A971EF202D5889561E10D237792CA89F8D379280262CE98CF3D4728460696F8D7FF429A508237764BF4A9CCB59FD615AEE07BDCADF30
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/...## These messages are used as headings in the recommendation doorhanger..cfr-doorhanger-extension-heading = Recommended Extension.cfr-doorhanger-feature-heading = Recommended Feature..##..cfr-doorhanger-extension-sumo-link =. .tooltiptext = Why am I seeing this..cfr-doorhanger-extension-cancel-button = Not Now. .accesskey = N..cfr-doorhanger-extension-ok-button = Add Now. .accesskey = A..cfr-doorhanger-extension-manage-settings-button = Manage Recommendation Settings. .accesskey = M..cfr-doorhanger-extension-never-show-recommendation = Don.t Show Me This Recommendation. .accesskey = S..cfr-doorhanger-extension-learn-more-link = Learn more..# This string is used on a new line below the add-on name.# Variables:.# $name (String) - Add-on author name.cfr-doorhanger-extension-author =

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\startupCache\scriptCache-new.bin

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10088168
                                                                                                                                                                                                        Entropy (8bit):4.734486479182655
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:98304:yv8cW5IBmeVgdySbn/SSyaVH4m9gD+EKm:yvDlmeVBSbn/SHaVH4m9gD+Tm
                                                                                                                                                                                                        MD5:B41E899A9388B3BC72BC864F43F72065
                                                                                                                                                                                                        SHA1:EF20766BC7DAEF7C4315805B21EF7CA720C7443E
                                                                                                                                                                                                        SHA-256:49856D103859A3B1E08DD0811E90E2C0EFD46C1AA2662B82908E255922711306
                                                                                                                                                                                                        SHA-512:04F4CFBB7C41273F2B4751C95CAEBF17873430326DB511CE957531AD943D2ACE60C91A2FAD48FF5C1A998CBCAA55F1718FC707654A30C5C53830D3EBE090D817
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:mozXDRcachev003.i...... 3.resource://gre/modules/MainProcessSingleton.sys.mjsO.jsloader/non-syntactic/module/resource/gre/modules/MainProcessSingleton.sys.mjs.........5.resource://gre/modules/CustomElementsListener.sys.mjsQ.jsloader/non-syntactic/module/resource/gre/modules/CustomElementsListener.sys.mjs....H....'.resource:///modules/BrowserGlue.sys.mjsF.jsloader/non-syntactic/module/resource/app/modules/BrowserGlue.sys.mjs.........1.resource://gre/modules/ActorManagerParent.sys.mjsM.jsloader/non-syntactic/module/resource/gre/modules/ActorManagerParent.sys.mjs.....R...'.resource://gre/modules/XULStore.sys.mjsC.jsloader/non-syntactic/module/resource/gre/modules/XULStore.sys.mjs.7..x5...1.resource://gre/modules/EnterprisePolicies.sys.mjsM.jsloader/non-syntactic/module/resource/gre/modules/EnterprisePolicies.sys.mjs.m.......7.resource://gre/modules/EnterprisePoliciesParent.sys.mjsS.jsloader/non-syntactic/module/resource/gre/modules/EnterprisePoliciesParent.sys.mjs.s..P....(.resource://gre

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\startupCache\scriptCache.bin (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10088168
                                                                                                                                                                                                        Entropy (8bit):4.734486479182655
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:98304:yv8cW5IBmeVgdySbn/SSyaVH4m9gD+EKm:yvDlmeVBSbn/SHaVH4m9gD+Tm
                                                                                                                                                                                                        MD5:B41E899A9388B3BC72BC864F43F72065
                                                                                                                                                                                                        SHA1:EF20766BC7DAEF7C4315805B21EF7CA720C7443E
                                                                                                                                                                                                        SHA-256:49856D103859A3B1E08DD0811E90E2C0EFD46C1AA2662B82908E255922711306
                                                                                                                                                                                                        SHA-512:04F4CFBB7C41273F2B4751C95CAEBF17873430326DB511CE957531AD943D2ACE60C91A2FAD48FF5C1A998CBCAA55F1718FC707654A30C5C53830D3EBE090D817
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:mozXDRcachev003.i...... 3.resource://gre/modules/MainProcessSingleton.sys.mjsO.jsloader/non-syntactic/module/resource/gre/modules/MainProcessSingleton.sys.mjs.........5.resource://gre/modules/CustomElementsListener.sys.mjsQ.jsloader/non-syntactic/module/resource/gre/modules/CustomElementsListener.sys.mjs....H....'.resource:///modules/BrowserGlue.sys.mjsF.jsloader/non-syntactic/module/resource/app/modules/BrowserGlue.sys.mjs.........1.resource://gre/modules/ActorManagerParent.sys.mjsM.jsloader/non-syntactic/module/resource/gre/modules/ActorManagerParent.sys.mjs.....R...'.resource://gre/modules/XULStore.sys.mjsC.jsloader/non-syntactic/module/resource/gre/modules/XULStore.sys.mjs.7..x5...1.resource://gre/modules/EnterprisePolicies.sys.mjsM.jsloader/non-syntactic/module/resource/gre/modules/EnterprisePolicies.sys.mjs.m.......7.resource://gre/modules/EnterprisePoliciesParent.sys.mjsS.jsloader/non-syntactic/module/resource/gre/modules/EnterprisePoliciesParent.sys.mjs.s..P....(.resource://gre

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\startupCache\urlCache-new.bin

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3628
                                                                                                                                                                                                        Entropy (8bit):4.795030058614529
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:qwwneU3deLVegWWKmWtoBYjYdYgbbYgbqhNTKWeRryLPZefSyWr9HicStpRtNm7y:qwFU3Wu38qgbkgbIKKRCUOt9Jr/l
                                                                                                                                                                                                        MD5:2E506C8D36C80A9E0DEC43493EB0D83B
                                                                                                                                                                                                        SHA1:AE5633F4F6B7DDAC7CBAA6CB0B9F912050CA61F8
                                                                                                                                                                                                        SHA-256:492CAE3A42E3ECC344A4B12A763214B5D1809D0933E6A94658C4CD9BB020CA5A
                                                                                                                                                                                                        SHA-512:FCFC9D2798C155D5725CE39FFA6BF7DC7703DBB849D5B8895D88430D07EAA3E671954D64DEC1293DB9A8262DB7745D3CD7FF8CBF927674C5324AC444F60739F2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:mozURLcachev003......u...b.C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\xulstore.json.;.C:\Program Files\Mozilla Firefox\distribution\policies.json.3.chrome/browser/content/browser/built_in_addons.json.j.C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addonStartup.json.lz4.%.chrome/toolkit/content/global/xul.css...res/contenteditable.css.$.chrome/toolkit/res/counterstyles.css...res/designmode.css...chrome/toolkit/res/forms.css...chrome/toolkit/res/html.css...chrome/toolkit/res/mathml.css...chrome/toolkit/res/noframes.css...chrome/toolkit/res/quirk.css.!.chrome/toolkit/res/scrollbars.css...res/svg.css...chrome/toolkit/res/ua.css.0.chrome/en-US/locale/en-US/global/intl.properties.I.chrome/en-US/locale/en-US/mozapps/downloads/unknownContentType.properties.-.chrome/en-US/locale/branding/brand.properties.=.chrome/en-US/locale/en-US/global/layout/htmlparser.properties.1.localization/en-US/toolkit/about/aboutPlugins.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\startupCache\urlCache.bin (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3628
                                                                                                                                                                                                        Entropy (8bit):4.795030058614529
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:qwwneU3deLVegWWKmWtoBYjYdYgbbYgbqhNTKWeRryLPZefSyWr9HicStpRtNm7y:qwFU3Wu38qgbkgbIKKRCUOt9Jr/l
                                                                                                                                                                                                        MD5:2E506C8D36C80A9E0DEC43493EB0D83B
                                                                                                                                                                                                        SHA1:AE5633F4F6B7DDAC7CBAA6CB0B9F912050CA61F8
                                                                                                                                                                                                        SHA-256:492CAE3A42E3ECC344A4B12A763214B5D1809D0933E6A94658C4CD9BB020CA5A
                                                                                                                                                                                                        SHA-512:FCFC9D2798C155D5725CE39FFA6BF7DC7703DBB849D5B8895D88430D07EAA3E671954D64DEC1293DB9A8262DB7745D3CD7FF8CBF927674C5324AC444F60739F2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:mozURLcachev003......u...b.C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\xulstore.json.;.C:\Program Files\Mozilla Firefox\distribution\policies.json.3.chrome/browser/content/browser/built_in_addons.json.j.C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addonStartup.json.lz4.%.chrome/toolkit/content/global/xul.css...res/contenteditable.css.$.chrome/toolkit/res/counterstyles.css...res/designmode.css...chrome/toolkit/res/forms.css...chrome/toolkit/res/html.css...chrome/toolkit/res/mathml.css...chrome/toolkit/res/noframes.css...chrome/toolkit/res/quirk.css.!.chrome/toolkit/res/scrollbars.css...res/svg.css...chrome/toolkit/res/ua.css.0.chrome/en-US/locale/en-US/global/intl.properties.I.chrome/en-US/locale/en-US/mozapps/downloads/unknownContentType.properties.-.chrome/en-US/locale/branding/brand.properties.=.chrome/en-US/locale/en-US/global/layout/htmlparser.properties.1.localization/en-US/toolkit/about/aboutPlugins.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\RageMP131\RageMP131.exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2300928
                                                                                                                                                                                                        Entropy (8bit):7.960876666522179
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:60MC0ftOfWFWf7oqN1JzRRnt9iokxHbvJzyD6CdRhx2Z:6050ftOfWI539Xtkokx7dEjdjxE
                                                                                                                                                                                                        MD5:412B746E17540448A98A952B5EB29744
                                                                                                                                                                                                        SHA1:684A4276F34154FE2773F1AFB095AD26A19E1823
                                                                                                                                                                                                        SHA-256:9F121F9E36A53EB08FF86C94CF9678245D0C1D56670118D44351BEA52E74AEC7
                                                                                                                                                                                                        SHA-512:D4469252AF0EB46AACD86BB90B1D15ACCCD48A07EB8F57A397F1EF3A9E35B7A642AAB8588945B85A47FDAC26DF488DBB6D81721049F09FEFFD6CAEF4E2B5B08C
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..................PE..L...N@.e...............".....L........X...........@...........................Y......N#...@.................................T...h....p..h1.......................................................................................................... . .`..........................@....rsrc...h1...p......................@....idata ............................@... .0+.........................@...jqngduam......>.....................@...kbulycau......X.......".............@....taggant.0....X.."....".............@...........................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\RageMP131\RageMP131.exe:Zone.Identifier

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):26
                                                                                                                                                                                                        Entropy (8bit):3.95006375643621
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\1ba0c97c-4928-4876-8c5f-2614e78f88de.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 740380
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):448718
                                                                                                                                                                                                        Entropy (8bit):7.998491841885819
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:12288:JQfPfcNwi0J3D9q/fx++M9k/d0Su91NMBj:ufXScVD9q/p+wFG1NUj
                                                                                                                                                                                                        MD5:5FF4525800BEC612A599ECA9302DCCB7
                                                                                                                                                                                                        SHA1:6BB85C20B926459A3C454F22B0D6054196A70EF1
                                                                                                                                                                                                        SHA-256:E6B9BDAB3E6A09045339FD5F0F06686490E2DA801CB516749C5A350570F3E472
                                                                                                                                                                                                        SHA-512:5A514A253F576F31BF81F179570267E87C14A140024C70DE1F661270BAB7D62ED351CD6984E457E5B89C2BD69D7E4B89F563F051305BA9DFACF5F6CF2BBB5EA4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...........<kW.......],{PL.......r.....[......qb'....l....Y].......oIh.=KgI..4{6.S.g...f.=...Y.%..O._C...be..|...x...EF.g7..oxO{m..-.....)....X.R.o..ue..}..H...x.....X$l6O.............=....\...|...p.{......d.....9...}j.....tm8.M..MvK...^.i..p.wW..yC./........`..C.0.p.k{..G.?|..y.S6..a<.5'I<..x$.3.F..<;J.8.5..om...*.tMs..[.5.|x.x..9b..l..].....s....T...a\s...1.X;...9.....Y.o.'9.VI...J...idB..&N||.....}6........$e4..)..L......_@`....{!..je#..6.....2x...N...-.@y....f...p..y..m.&VB.V.aMP.w....b..nC.2l9o..A5.k....r.R.2$.*.U..!3.C2#d...|......x>.i.PA........?-.R..r.|...<MNV.bx....u).[.7.%.3s.Z,....GbM.5`8_.3:.//.I....]......6.p.*.7i.-.].z....q.k..?...`V.i.y...t....MX..ID..k~1#...]i.Z.Q \..q...j.....$.g......Q83...2.#=r..c&. ..83._.La.l..../9d.l........o.].U...........wY.H......`.C.}.sGc@........1......3w}..[e.m.....{e,..........sLL.<...{ .n..-..6../...[ms.w.I..$..BL........7K./.v....}.S.\.tF..E...%._g~.../....T..8...4.....a....[...c....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\2a8d88cc-52eb-41eb-b70e-6de9fa949166.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\437f42fb-5bae-42a3-924b-9e786b184154.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):206855
                                                                                                                                                                                                        Entropy (8bit):7.983996634657522
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                                                                                                                                                        MD5:788DF0376CE061534448AA17288FEA95
                                                                                                                                                                                                        SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                                                                                                                                                        SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                                                                                                                                                        SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:......Exif..II*.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..*B.P..*(.................*.....................( ..................*.. .".... .".......(.. .".....*.. ....o......E.6... ..*..."........."J......Ah......@.@@....:@{6..wCp..3...((.(......................*...@..(...."....................*......*.. ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\75b3f957-baa7-4df8-81fb-d54b6414cf92.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11185
                                                                                                                                                                                                        Entropy (8bit):7.951995436832936
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                        MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                        SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                        SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                        SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\7bb0534f-88f7-4076-a344-f70e90b97bf6.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):98996
                                                                                                                                                                                                        Entropy (8bit):7.702003651641397
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:+cQXinoKQoMGurcwFy3iTpv6zM39m3FPS:+cEUoKnfLvCCzM39m3FPS
                                                                                                                                                                                                        MD5:34F93FE5B54D7C652360BA28D94F8E66
                                                                                                                                                                                                        SHA1:31901469EADAD58B8BF99BBD9698E60ACDD7ABED
                                                                                                                                                                                                        SHA-256:10DC1ED2D8D9D4DB369DDF7FD6F53EFFC9BFD87F46AFDFC6C86CB637D2067A38
                                                                                                                                                                                                        SHA-512:9B86ACC2F5B92A75BD3028352F03DA10C6424C3514A3372A32EA8F60E79770D8B5AC5DBE0B45DD54B804C6EC79E1A1DBD887D0DF333DD253238DC30E6C5A1000
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:Cr24....f"........0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........;:[........o$..#Cb.G+.T.hI.9...M.J..u.:....13S..*...%...)Rd.rROmI#z_..sO6@...'/'..... \....5}k..R..2..22..?E.......r;E..Z...C.^.J...=.E.m..hb%{DiYnrD....T.....B.`Z..OCQf...."..P..7.W...D....}.E7P...uf........A.....s.L.!.......!.9..J..c\Ac\5.....[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. Z.......o...$k.Sz.i...9D..K.$.. -=C.}.b...P....;.._"...u..s2#..c".>...........|[..:.._...9...O2o.A`.D......D....4..t...euGOL..~...:.:....^...?..C6...8.....?~..M............?..c#.R.........SyU.R..7..L...6r.mk.U.u....X..Wa.o...".o..l...(.5.....t..o......Y..1Q...me....K.....{.~N=8_.:."G.....qq5...^.~....s'.4...re.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\91b27f56-17f8-40ab-9d58-b9070b53796b.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:PNG image data, 189 x 181, 8-bit colormap, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2023980
                                                                                                                                                                                                        Entropy (8bit):7.996473229233267
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:49152:Rd8MntgFKZYNUsICKyZbHt141GFLDxHuEHg17Umw:XntgFKZYNUs9Dj141OhPHgOd
                                                                                                                                                                                                        MD5:94E0A1A8C3980A4C3AF6B16227FFBD1A
                                                                                                                                                                                                        SHA1:FD0F43E2354AD67C1011EBC98CBD373006894AB5
                                                                                                                                                                                                        SHA-256:FDEB71D244A07A86F3B981631C1FED1C7F22E15103CA6EB6894AF9F45052BCEF
                                                                                                                                                                                                        SHA-512:09854A3D8F7615408DB576053B161925C92493341C2A1CE88D2BA205F0F0EF3E41404E102649E13AB5682CFF076D3A57762E4A17EF8878D1F869210689637DB1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.PNG........IHDR.............=Z.o....PLTEGpL...........................................................................................................................................................................................................................................................................................x..........5@T................................................(((.............................................................v.............................w..........................w......................................x............................... ...v..w...................................................................................w..w..w..w...........v.................x..x..w..............w..w..y..v.................w..v..w..v..w.....w..w..w..w........w............./..q....tRNS........>..........H.8Z......f...0.d..p$.P...~..v..*M....^.,.TF&6.....kB~a.\:.......xrz..,.?"....<.J..5......@. .mW..~..........J..2.P.z.4s....@1......Xa(...hF.R...e.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\EdgeMS131\EdgeMS131.exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1902080
                                                                                                                                                                                                        Entropy (8bit):7.950529300938905
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:6tKUuIjJaao7Fi0FB65JaMPy4RzA0ine8PXhsEh9jwE+:6tWRYr5JaMVzAG8PXh3h6D
                                                                                                                                                                                                        MD5:07D7F9FCE107448C2D383A87DE39AFB2
                                                                                                                                                                                                        SHA1:D9C377345BEDF6B6F26C165A454138DE19A206EB
                                                                                                                                                                                                        SHA-256:27E53850B7B9483834898B605F6DCF4B0C1B71BD1671864A5BC408929C7AB548
                                                                                                                                                                                                        SHA-512:8EA1C6F4CD0DDE7A7A22E686E94D9EFDCD6BA405936CD9C501A903323D36E39E28608184BF7799CCEF168B63EA3365316EB6940EFDF2825F1BA90BEF95F55170
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*R..n3.@n3.@n3.@5[.A`3.@5[.A.3.@.^.A|3.@.^.Az3.@.^.A.3.@5[.Az3.@5[.A}3.@n3.@.3.@.].Ao3.@.]u@o3.@.].Ao3.@Richn3.@........................PE..L......e..............................K...........@...........................K.....p\....@.................................Vp..j....`.......................{K..............................{K..................................................... . .P..........................@....rsrc........`......................@....idata .....p......................@... ..+.........................@...odpxvryq......1.....................@...anidzile......K.....................@....taggant.0....K.."..................@...................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\KbzYBQQ8rannFYWu8sfJ5n4.zip

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3110
                                                                                                                                                                                                        Entropy (8bit):7.7631450407440346
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:X+wHN3yE4zVM7J4rkatCc5qhYbsZu3KJe:X+SN3QzVM1atx5iu6Je
                                                                                                                                                                                                        MD5:945B7BACB6E6AF4C97DD8F174409F86E
                                                                                                                                                                                                        SHA1:7F9646EF8844E49166556F904483996D8E8F21F2
                                                                                                                                                                                                        SHA-256:0F8CFB9A661FE8A726AF06A9C7D1D494E1D0EB0E4691EC56E82B271D2FB86904
                                                                                                                                                                                                        SHA-512:96DFA4C15E3A7C6E46EFD7BA523CA8F2F0A174ECAA4881EC9F9B521EA2E9C8B1B1E8301309EE65FF7F8103D1CE364964544FEF86145D2A27B5D8B1D87002A0FE
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                        • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\KbzYBQQ8rannFYWu8sfJ5n4.zip, Author: Joe Security
                                                                                                                                                                                                        Preview:PK..........UX................Cookies\..PK..........UX................Cookies\Chrome_Default.txt....@.@.H..E2o.)...i...f......L....D."e.moutw.8V}...WB..@#("D.F0".4.$.!.....?...Ny.m~.H...@...h....ee.2<..F.jZu..[)=.F.c.2Fh....J..rf...O..... .N...u5..H6[...o?.....e..I...,.i.h._h.F..............g...*...J'..YV..y....n...kF..uN.@.....i#x...:.eM..n.eT...s.\...S.P..4.ke.8(=...!..F.J..X...MLpL.H.'..[.'...X,........:.C.Hd.%.B....u:W.......n.....{..Fs...],...*.<.:...Dw.Vo/[.........PK..........UXt...............information.txtuXmo.8..n....~i.gU|.I..n.d..f.mr8.2.hc..$'...~..H;.......>...a[..C...{..}3U].rHh..{...1Crc...F..C&..$,f.7.UEi.>.Ij..3..r%..P,....l...V.y,....V.....".H.g.J.........J.w.w~.J+..R..Y.E.f..".\.<............*[........9.....@..V..cQ9.i...}...........[.......7w....x..w.q.?~o.]\B.R..2bL....k.......y"...FE..F.rn.j.......v'....]o.....l...T3..h..C......P....grej..z...xG.&?>....6[.ZS.F....yf.j....9+....'o.e.@..-....w.~..u....;..%..5....w[.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\ab07b18a-9a8c-40bc-8568-b66404683bf8.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1983783
                                                                                                                                                                                                        Entropy (8bit):7.996251175872626
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:49152:HQKSD3MntJquV4rs0xHtYFSD+b2KyZ51muEHg17Umw:wK4cntJquV4/nN+KDz1mPHgOd
                                                                                                                                                                                                        MD5:B0FF416BA70C6B5D364D1BC5FD3FF031
                                                                                                                                                                                                        SHA1:828DBFE840D3718BBBFAD42788D1A6FFC596BEE3
                                                                                                                                                                                                        SHA-256:5E27D9658FB33E5793FE5BED2EA554244E5C5FA2973FCDA61528937904F79433
                                                                                                                                                                                                        SHA-512:FB6FC181AF6846C3A00F45BD664823FFA2CB969CCD7EB7744B32631EAAFC005DDEF261BA74FE91A02A90B115C5D0CB7AD94FCD4E94644523AD22C34CBD56B8DE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6e010000e101000078020000b4020000ff020000c503000089040000c0040000fe0400003e05000079060000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."............................................................................}-gG9H.IH;....QN.fv..B.N..D...U.............WM..* ".t..].#.....%...........................!"#12$3A.................3.z...jZQ5.....>Bb<.fj6t.s..Ic...l..5<.K1Y..W....[....9...U...5pk.@.`GZv4).....3C.Y.N...'........................................!........?....6GQO.a.HH....C........................................?..dY.C...D/C.vu..............................!"12ABQaq..3. #$Rr..........?...6ah.....U......Q-..Y.<..T..}.f.-......;F.y-..o..abed`.p....L....J...@.9.k...w.D.....7:F..R.......b.W..7..[.fe>..B..x.......J>.4nN..).._...$....................!A1Qaq.. ............?!.....am..r..9...5.%.IF.X.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\adobeP2OuO4KF0LZU\Cookies\Chrome_Default.txt

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (369), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):530
                                                                                                                                                                                                        Entropy (8bit):6.01131324322648
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:copYx113fB6BN6nWI7F5rYc0xc5LdxW6bNANfO2hmxEBN6no:KzBochYwxhRAxKqJ
                                                                                                                                                                                                        MD5:350448C3F5349CF53811A638AB396DD4
                                                                                                                                                                                                        SHA1:4F2F2B7A09C5975DC4E26164FAF042A66453817D
                                                                                                                                                                                                        SHA-256:1AD8F746DF0D5B92CD87386A8CC59BDFAE5FB183F9BD295482ADD2F7293957AE
                                                                                                                                                                                                        SHA-512:219BF9680276CEE9CD0BBC5A43AD7A429CD936F3E01512EC86EB7DB754C6F53F696854E37D0A5F54957DF632FEB39E8BECA7A41CDE527354DB7DC1B66B644680
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.google.com.FALSE./.TRUE.1699083741.1P_JAR.ENC893*_djEwQhi70pxk8SYnIsUr5Mx1RafU8aVnOVKREuHIhYZGwf7yYiBTX+/Go9I=_pegY58D3HUBD9QZJcLjavVe+t354dfRkh4996+iwhdQ=*...google.com.TRUE./.TRUE.1712302940.NID.ENC893*_djEwLw0FxAbtzbuLu4wKVSq+uTnRXrV8Hjm5jygIZpKkr22DX+rtTXvcKjen8Rma/GMurYESAmzjenQyKR9qgVu8k/RaiXiSOiaa/lut8WnwO9d8PkBOTAKSZdFhBtU397xZvK8G5XfAi73fDip21OdwdRp1SNZiUAXp6f0j3VYFGuDV6eIgzT4pVkR12LMGBw+RHof28TQ4kFZOLkO7VAFPVzwW25OZFq13SAlLlyUrl4XcbKetVNOrD9EP/gbXB8k6OopuPJAICB2ZHI4=_pegY58D3HUBD9QZJcLjavVe+t354dfRkh4996+iwhdQ=*..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\adobeP2OuO4KF0LZU\information.txt

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5110
                                                                                                                                                                                                        Entropy (8bit):5.318900777890095
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:xe+irbRtHcBpAXiSt3ZRT9kqZlISNANUbg3x:xZivH8ySSt3PT9kqZlmB
                                                                                                                                                                                                        MD5:88E33E536F0AB29B1EB7369F759E11F8
                                                                                                                                                                                                        SHA1:D6594F828FFF3881EED3F5F84DE00403E198F027
                                                                                                                                                                                                        SHA-256:E146031746AF5DCC6498CFCD0DBB1703522D47869BE6E2EF897996B7BD203DC2
                                                                                                                                                                                                        SHA-512:C18705247E6318D2A54165EC280C07DFA98F2A144FF229388600B4FB73234417CFBAB0FCA7583F02A145D7E974BAC0575328A3BF2857B37F78B80B3DBADEF2FD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:Build: macho..Version: 1.5....Date: Wed Feb 21 16:24:14 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: 778677428bef6f02ba6849834c3032ee....Path: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe..Work Dir: C:\Users\user~1\AppData\Local\Temp\adobeP2OuO4KF0LZU....IP: 191.96.227.222..Location: US, New York City..Windows: Windows 10 Pro [x64]..Computer Name: 818225..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 21/2/2024 16:24:14..TimeZone: UTC1....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [328]..csrss.exe [412]..wininit.exe [488]..csrss.exe [496]..winlogon.exe [556]..services.exe [624]..lsass.exe [632]..svchost.exe [748]..fontdrvhost.exe [772]

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\adobeP2OuO4KF0LZU\passwords.txt

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4897
                                                                                                                                                                                                        Entropy (8bit):2.518316437186352
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
                                                                                                                                                                                                        MD5:B3E9D0E1B8207AA74CB8812BAAF52EAE
                                                                                                                                                                                                        SHA1:A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
                                                                                                                                                                                                        SHA-256:4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
                                                                                                                                                                                                        SHA-512:B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\adobey4k6Axf4h0vZ\Cookies\Chrome_Default.txt

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (369), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):530
                                                                                                                                                                                                        Entropy (8bit):6.01131324322648
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:copYx113fB6BN6nWI7F5rYc0xc5LdxW6bNANfO2hmxEBN6no:KzBochYwxhRAxKqJ
                                                                                                                                                                                                        MD5:350448C3F5349CF53811A638AB396DD4
                                                                                                                                                                                                        SHA1:4F2F2B7A09C5975DC4E26164FAF042A66453817D
                                                                                                                                                                                                        SHA-256:1AD8F746DF0D5B92CD87386A8CC59BDFAE5FB183F9BD295482ADD2F7293957AE
                                                                                                                                                                                                        SHA-512:219BF9680276CEE9CD0BBC5A43AD7A429CD936F3E01512EC86EB7DB754C6F53F696854E37D0A5F54957DF632FEB39E8BECA7A41CDE527354DB7DC1B66B644680
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.google.com.FALSE./.TRUE.1699083741.1P_JAR.ENC893*_djEwQhi70pxk8SYnIsUr5Mx1RafU8aVnOVKREuHIhYZGwf7yYiBTX+/Go9I=_pegY58D3HUBD9QZJcLjavVe+t354dfRkh4996+iwhdQ=*...google.com.TRUE./.TRUE.1712302940.NID.ENC893*_djEwLw0FxAbtzbuLu4wKVSq+uTnRXrV8Hjm5jygIZpKkr22DX+rtTXvcKjen8Rma/GMurYESAmzjenQyKR9qgVu8k/RaiXiSOiaa/lut8WnwO9d8PkBOTAKSZdFhBtU397xZvK8G5XfAi73fDip21OdwdRp1SNZiUAXp6f0j3VYFGuDV6eIgzT4pVkR12LMGBw+RHof28TQ4kFZOLkO7VAFPVzwW25OZFq13SAlLlyUrl4XcbKetVNOrD9EP/gbXB8k6OopuPJAICB2ZHI4=_pegY58D3HUBD9QZJcLjavVe+t354dfRkh4996+iwhdQ=*..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\adobey4k6Axf4h0vZ\information.txt

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):6378
                                                                                                                                                                                                        Entropy (8bit):5.263582649707536
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:xe+Y1ISbRtJcBpAXiSt3ZRT9k3ySy47kxsAJANUbg3x:xZaXvJ8ySSt3PT9k38jxsAiB
                                                                                                                                                                                                        MD5:CD75462667EE3ACC0D4B1F0A4C4D0C55
                                                                                                                                                                                                        SHA1:C80004BA65C045B628AF775028BF41FF2B4265A5
                                                                                                                                                                                                        SHA-256:A26706A33515714166E38BCEA0F4B9CD169A007C2B9D85DEDB6450CEFB38C66C
                                                                                                                                                                                                        SHA-512:BC52C89E916E20530A716D47D95198CD5B4CE3704F720ADD3D2E1C7347CA3338663BA78055FB2FC9E2334C02135DEC3E9A5964868675329529B2101E2F0A9887
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:Build: macho..Version: 1.5....Date: Wed Feb 21 16:24:56 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: 778677428bef6f02ba6849834c3032ee....Path: C:\ProgramData\MPGPH131\MPGPH131.exe..Work Dir: C:\Users\user~1\AppData\Local\Temp\adobey4k6Axf4h0vZ....IP: 191.96.227.222..Location: US, New York City..Windows: Windows 10 Pro [x64]..Computer Name: 818225..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 21/2/2024 16:24:56..TimeZone: UTC1....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [328]..csrss.exe [412]..wininit.exe [488]..csrss.exe [496]..winlogon.exe [556]..services.exe [624]..lsass.exe [632]..svchost.exe [748]..fontdrvhost.exe [772]..fontdrvhost.exe [780]..svchost.exe [86

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\adobey4k6Axf4h0vZ\passwords.txt

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4897
                                                                                                                                                                                                        Entropy (8bit):2.518316437186352
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
                                                                                                                                                                                                        MD5:B3E9D0E1B8207AA74CB8812BAAF52EAE
                                                                                                                                                                                                        SHA1:A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
                                                                                                                                                                                                        SHA-256:4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
                                                                                                                                                                                                        SHA-512:B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\c4c436c7-0802-4f72-bd7a-f45875cd44e6.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):76326
                                                                                                                                                                                                        Entropy (8bit):7.9961120748813075
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz8vBBrYunau6wp:GdS8scZNzFrMa4M+lKqeu/nr
                                                                                                                                                                                                        MD5:01E352D35675990A139199DD86B38AAC
                                                                                                                                                                                                        SHA1:E16163C81E5F36B3B819AA0A63BFA63D88548A91
                                                                                                                                                                                                        SHA-256:148CDE42D38C62C1A1E8B8D3D4BD8830F0F8C2DC684E3C59B0A510E31011CA4A
                                                                                                                                                                                                        SHA-512:75A58FFAD6E3E0546268CC863AE382B5429795D8BCED64BAE2D06BCEEB6C2E37BD656A3E335EB61B521888B76913F2D0281F8C9C081FF8637307AE5934D98C8B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...........m{..(.}...7.\...N.D*.w..m..q....%XfL.*I.ql..;/.....s...E...0....`..A..[o^.^Y...F_.'.*.."L...^.......Y..W..l...E0..YY...:.&.u?....J..U<.q."...p.ib:.g.*.^.q.mr.....^&.{.E.....,EAp.q.......=.=.....z^.,d.^..J.R..zI4..2b?.-D5/.^...+.G..Y..?5..k........i.,.T#........_DV....P..d2......b\..L....o....Z.}../....CU.$.-..D9`..~......=....._.2O..?....b.{...7IY.L..q....K....T..5m.d.s.4.^... ..~<..7~6OS..b...^>.......s..n....k."..G.....L...z.U...... ... .ZY...,...kU1..N...(..V.r\$..s...X.It...x.mr..W....g........9DQR....*d......;L.S.....G... .._D.{.=.zI.g.Y~...`T..p.yO..4......8$..v.J..I.%..._.d.[..du5._._...?\..8.c.....U...fy.t....q.t....T@.......:zu..\,.!.I..AN_.....FeX..h.c.i.W.......(.....Y..F...R%.\..@.. 2(e,&.76..F+...l.t.$..`...........Wi.{.U.&(.b}...}.i..,...k....!..%...&.c..D-."..SQ.......q9....)j....7.".N....AX...).d./giR....uk.....s.....^...........:...~......(hP..K.@.&..?.E0:+D|9...U.q.cu..)t{.e...X...{.....z......LL&I6.=.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\cc6576b4-cfa0-4fff-8f93-4907ee8b08c1.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\cv_debug.log

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1420
                                                                                                                                                                                                        Entropy (8bit):5.413635003090127
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:YK0bl5r75riCe0qW+5Ua02EHP5IKL0jZ5JwbX/B+L0wqu5LGx5A0nm0h:YK0bl5r75riN0qW+5Ua02sP5IKL0jZ5u
                                                                                                                                                                                                        MD5:FD9477EB9DBE9C4D7D3773F03317F5C3
                                                                                                                                                                                                        SHA1:9597A43ACB4F839260F1422A1C4805FABD8A1595
                                                                                                                                                                                                        SHA-256:B976A67E80497A78992810152B8D04BD03651EC9C52CEE9F8B7C8AB80B2E92E5
                                                                                                                                                                                                        SHA-512:2DF327DD96F881F242BDACEBA1F2EF17A064F5B1DB7ACD79996098FD9DA77B9B24668B95EA10A395E4716EA00B76A4A3865330FB03132C58BD7A490EA6523B3D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"logTime": "1005/074019", "correlationVector":"Jzai6BfByv5amZ45/NBe5r","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"eO8FwRQNRwFtIUhPNa0yBN","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"DFCC0B139A2547CAA3433B33892C7FE6","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075031", "correlationVector":"bWXPYvVSVVANvrGBV6dHxn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075032", "correlationVector":"4CD8E3A1D096444AAB77DA6A690C4356","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075123", "correlationVector":"t3DmiSvoNTibe+/mLDIMfl","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075124", "correlationVector":"B2B504519464422FA5C6E610072CF270","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075313", "correlationVector":"/q9eTq3f/ZawbQrLDVWKju","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075314", "correlationVector":"138D0C7D

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\e014c50a-94e5-4a28-970d-5a1781564307.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 720x404, Scaling: [none]x[none], YUV color, decoders should clamp
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3472636
                                                                                                                                                                                                        Entropy (8bit):7.998132346043507
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:49152:WlZno27266HE9smsje08sdCispYR8zrMThPRN3Y5hqw5HfqD8ceeFnznnNWFlI8H:WlVg6QE9spx5d/sbMTFRNI5sGyDMmwj
                                                                                                                                                                                                        MD5:1BEE650F94C49C0279AF38032F4EF88C
                                                                                                                                                                                                        SHA1:F060624DD68A19470FE4A0A222FE55E6CF899685
                                                                                                                                                                                                        SHA-256:0BA6EB33847060A04A071936E558D21B8334EB9BB099AC80718B8D35B983E3EF
                                                                                                                                                                                                        SHA-512:4C6DE50716993ECF6B5BFAD5DA22C38E7B1FFE8B244319290FEFB1F01A7D75AEBD475C5CFCED47DB4D32599D968B88D8BF1D7342F6FF63F624D9AECB18DC39BB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:RIFF.B..WEBPVP8 .B...&...*....>Q&.F..!."...p..gn....bv<^!.[...6...Z.oN..>....]9.Bs.....S......;.o.~..Az.._...a.....}7....~....^...o....~...g.W._..y.......o..._q?......../.?.>....P...#.g.W.O..........G.O...>....z.....W......".v.$a3...Q#....LRS.I|...........jFT".m...8..\(H.m...]8,...Z/..,.....-.....].&..dj.GL%..b.7.".(..../{.....$....>3.P`(}G..=........-gL,.kmE..f......'.O^.E....93BW.I......1..].P.......Y.ck$<.....E.h..h....|~.Qh..yC..........V....M~E3g.......f)..R...J.Z*Z.8..'T..d6.......I...q.....}..!.2.gw..)r.p.h....5%S.&.|.p.F.]..O....ML\#.UmgKC..0Q...Z2n7...)s.R.46X:..._..Q...*.c.f.....$I........?.V.S..6.Q.{.... ....O..,.5-.L...i~4[...].h.c...C.@".e.....cR.q...c$......._..>v......a}.I.....k........^...........,+Q....q...y...f."..F..z..T{#......D...=..aA..I..|.7..9!T.....qY......?T.../.i...&..^...K.h....a..O.3..B...'Bu.O....W_[....&a..7.C.b.......!2p..L.h.&0.*>.s......A..U.KN.....`.z.F.;p.....h....n7..V.a\.2<...3.%.d..>.k~d..R

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\02zdBXl47cvzHistory

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                                                        Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\02zdBXl47cvzcookies.sqlite

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):98304
                                                                                                                                                                                                        Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\2jQJv37iJ0lzCookies

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                        MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                        SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                        SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                        SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\3b6N2Xdh3CYwWeb Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                                                        Entropy (8bit):1.137181696973627
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                                                                                                                                                        MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                                                                                                                                                        SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                                                                                                                                                        SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                                                                                                                                                        SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\3b6N2Xdh3CYwplaces.sqlite

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5242880
                                                                                                                                                                                                        Entropy (8bit):0.03786218306281921
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWB2IGKhNbxrO3Dpvu2HI:58r54w0VW3xWB2ohFQ3Y2
                                                                                                                                                                                                        MD5:4BB4A37B8E93E9B0F5D3DF275799D45E
                                                                                                                                                                                                        SHA1:E27DF7CC49B0D145140C119A99C1BBAA9ECCE8F7
                                                                                                                                                                                                        SHA-256:89BC0F21671C244C40A9EA42893B508858AD6E1E26AC16F2BD507C3E8CBB3CF7
                                                                                                                                                                                                        SHA-512:F2FC9067EF11DC3B719507B97C76A19B9E976D143A2FD11474B8D2A2848A706AFCA316A95FEEBA644099497A95E1C426CDAB923D5A70619018E1543FEF3182DB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\8ghN89CsjOW1Login Data For Account

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\D87fZN3R3jFeWeb Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                                                        Entropy (8bit):1.137181696973627
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                                                                                                                                                        MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                                                                                                                                                        SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                                                                                                                                                        SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                                                                                                                                                        SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\D87fZN3R3jFeplaces.sqlite

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5242880
                                                                                                                                                                                                        Entropy (8bit):0.03786218306281921
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWB2IGKhNbxrO3Dpvu2HI:58r54w0VW3xWB2ohFQ3Y2
                                                                                                                                                                                                        MD5:4BB4A37B8E93E9B0F5D3DF275799D45E
                                                                                                                                                                                                        SHA1:E27DF7CC49B0D145140C119A99C1BBAA9ECCE8F7
                                                                                                                                                                                                        SHA-256:89BC0F21671C244C40A9EA42893B508858AD6E1E26AC16F2BD507C3E8CBB3CF7
                                                                                                                                                                                                        SHA-512:F2FC9067EF11DC3B719507B97C76A19B9E976D143A2FD11474B8D2A2848A706AFCA316A95FEEBA644099497A95E1C426CDAB923D5A70619018E1543FEF3182DB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\Ei8DrAmaYu9KLogin Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\IWPfiAXUTJTSHistory

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                                                        Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\KvHrxJ77cmUgLogin Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):51200
                                                                                                                                                                                                        Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                        MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                        SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                        SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                        SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\NPpBaQ8mvtuVlc8hdwT4.exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                        Size (bytes):2332672
                                                                                                                                                                                                        Entropy (8bit):7.958959551859468
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:cTgbaKqgO7ZrtDsZ+SihyU4iW13hi4wNY5lH4SEPdmmM8pV5ePAge7h:cT2fOZrtI3e4wS5lH4vdmQWe
                                                                                                                                                                                                        MD5:9D2C7897664527641D4A773BD49CC545
                                                                                                                                                                                                        SHA1:4E02513DB3A20EA0BE55285ACD12BD39901721CD
                                                                                                                                                                                                        SHA-256:A16A662FDC2A7143B05981C853AABBA06277F6DEE63516F10537A9FDB2C7EB44
                                                                                                                                                                                                        SHA-512:1B7F8941E219EA727494C8665C40EFB6EF8DE1040E6FB738CAC1EE60E8F840FFA10A61A323FFD8A41EB251226E79C64E892A7666E55F25FB3854A1E6142A8F64
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..........PE..L......e...............".....V........Y...........@...........................Z.......#...@.................................W...k....`...C.......................................................................................................... . .P..........................@....rsrc....C...`......................@....idata ............................@... ..+.........................@...ylraglyl.p...`?..d..................@...uyguhsif......Y......r#.............@....taggant.0....Y.."...v#.............@...................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\QdX9ITDLyCRBWeb Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                                                        Entropy (8bit):1.137181696973627
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                                                                                                                                                        MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                                                                                                                                                        SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                                                                                                                                                        SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                                                                                                                                                        SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):918528
                                                                                                                                                                                                        Entropy (8bit):6.582329064958357
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:jqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgatTv:jqDEvCTbMWu7rQYlBQcBiT6rprG8apv
                                                                                                                                                                                                        MD5:17FEBB6CBC56CF10917289FA796F1554
                                                                                                                                                                                                        SHA1:7F63E5AE74CFBAA89BAC3DDD0A0595D95BBE4DF8
                                                                                                                                                                                                        SHA-256:ACB21F5BCE5D257B7A756F8215D3864A56F3994996023802E2A9130D1A921A05
                                                                                                                                                                                                        SHA-512:8BF1053B5BF18E3B5CD7DC67715BC304F09B9F910A634C441CADE0444EA8DA1CB8D98CD37626A50CCED94DF2B13FBF3B34C52801358C26CF0499CC5649B045AC
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 24%
                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L......e.........."..........T......w.............@..........................`.......S....@...@.......@.....................d...|....@..X........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...X....@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\UPG2LoPXwc7OWeb Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                        Entropy (8bit):1.1215420383712111
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                                                                                                                                                        MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                                                                                                                                                        SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                                                                                                                                                        SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                                                                                                                                                        SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\ZunTSaNJLBVfWeb Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                        Entropy (8bit):1.1215420383712111
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                                                                                                                                                        MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                                                                                                                                                        SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                                                                                                                                                        SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                                                                                                                                                        SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\_WH7GEUgP5nY6c3Q4pig.exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1741312
                                                                                                                                                                                                        Entropy (8bit):7.942941230756999
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:3IRDZai/B/MdXKcamL8NbEZuzpRIgi1sWUDYl8jNmAOr64eucfzbNslGz0NYz:KJAXKlmLdypRIgbNYecAVuG3NiGz0
                                                                                                                                                                                                        MD5:754EA30A3E0BB956D161F4A088FB3BBC
                                                                                                                                                                                                        SHA1:B07A9CBC323D468F2F4353717E168BC408B5159F
                                                                                                                                                                                                        SHA-256:0E71048E8C57746F93C0FB1289EE190E68A17EEFC792ED8A2FF03CA3E91E4693
                                                                                                                                                                                                        SHA-512:2CA99979475EB3AC3E1C731A78A029D4AAC60B6352510645445CF704648B5CF48F49A08CA3450B3B8818E213BD3F4CFAA6EB5069468B7AB2AE112AC52E42F66A
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....$e.........."...0..$...........`E.. ...`....@.. ........................E....../....`.................................m........`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........6..............@... .`*..........8..............@...mevurvzu.`....+..V...:..............@...dvmgpahi. ...`E.....................@...................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\mZFmu1Xdn33jwBaBkyPP.exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1902080
                                                                                                                                                                                                        Entropy (8bit):7.950529300938905
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:6tKUuIjJaao7Fi0FB65JaMPy4RzA0ine8PXhsEh9jwE+:6tWRYr5JaMVzAG8PXh3h6D
                                                                                                                                                                                                        MD5:07D7F9FCE107448C2D383A87DE39AFB2
                                                                                                                                                                                                        SHA1:D9C377345BEDF6B6F26C165A454138DE19A206EB
                                                                                                                                                                                                        SHA-256:27E53850B7B9483834898B605F6DCF4B0C1B71BD1671864A5BC408929C7AB548
                                                                                                                                                                                                        SHA-512:8EA1C6F4CD0DDE7A7A22E686E94D9EFDCD6BA405936CD9C501A903323D36E39E28608184BF7799CCEF168B63EA3365316EB6940EFDF2825F1BA90BEF95F55170
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*R..n3.@n3.@n3.@5[.A`3.@5[.A.3.@.^.A|3.@.^.Az3.@.^.A.3.@5[.Az3.@5[.A}3.@n3.@.3.@.].Ao3.@.]u@o3.@.].Ao3.@Richn3.@........................PE..L......e..............................K...........@...........................K.....p\....@.................................Vp..j....`.......................{K..............................{K..................................................... . .P..........................@....rsrc........`......................@....idata .....p......................@... ..+.........................@...odpxvryq......1.....................@...anidzile......K.....................@....taggant.0....K.."..................@...................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\o0qT3dWYBP7ZHistory

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):155648
                                                                                                                                                                                                        Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                        MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\oOPEmFmu_xsJCookies

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):0.848598812124929
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                                                                                                                                                        MD5:9664DAA86F8917816B588C715D97BE07
                                                                                                                                                                                                        SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                                                                                                                                                        SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                                                                                                                                                        SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\pSE1jchbiT9aHistory

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):155648
                                                                                                                                                                                                        Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                        MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\suOrwW4ZcUbjWeb Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                        Entropy (8bit):1.1215420383712111
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                                                                                                                                                        MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                                                                                                                                                        SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                                                                                                                                                        SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                                                                                                                                                        SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\u1qcfpIk_jMf8TqxGWKO.exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3022336
                                                                                                                                                                                                        Entropy (8bit):7.9880560786253945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:4EiAf3r5X+ExHBxogJPRgq2nDmidjfFkUZyTUPQEMPIjPG6qmyq:0Af3r5u5gJuq2D5vkwoEL66qlq
                                                                                                                                                                                                        MD5:4E7BB1C53BDB0DC1C445C882B17B1D62
                                                                                                                                                                                                        SHA1:69C709694DE4F709A9C0676EBA4C16210BEC83E2
                                                                                                                                                                                                        SHA-256:62DF400DADD4D3E31711058BF9D6F66FE3245DDC9FB873FE4FA5DF505EC9F55D
                                                                                                                                                                                                        SHA-512:43B837399C6997FE84A50F2119DCB49C6B2F656FE492E5EBC02672FCB9A564A6095F68958D20B78E513D844E2371087F2FCE2DCCEEC024EFB79C6ADB7B8CA120
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..................PE..L...N@.e...............".....`......(.............@.......................................@... .. .... .. .......... .........x....0..h...........................................................................................................................4..................@............p......."...8..............@............@...0.......Z..............@............0...p.......b..............@....................d...b..............@....rsrc....0...0...0..................@..@.........@y..`...(..................@....data.....".......".................@...................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiloRRjQF78xUD\02zdBXl47cvzHistory

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                                                        Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiloRRjQF78xUD\02zdBXl47cvzcookies.sqlite

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):98304
                                                                                                                                                                                                        Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiloRRjQF78xUD\3b6N2Xdh3CYwWeb Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                                                        Entropy (8bit):1.137181696973627
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                                                                                                                                                        MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                                                                                                                                                        SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                                                                                                                                                        SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                                                                                                                                                        SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiloRRjQF78xUD\3b6N2Xdh3CYwplaces.sqlite

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5242880
                                                                                                                                                                                                        Entropy (8bit):0.03786218306281921
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWB2IGKhNbxrO3Dpvu2HI:58r54w0VW3xWB2ohFQ3Y2
                                                                                                                                                                                                        MD5:4BB4A37B8E93E9B0F5D3DF275799D45E
                                                                                                                                                                                                        SHA1:E27DF7CC49B0D145140C119A99C1BBAA9ECCE8F7
                                                                                                                                                                                                        SHA-256:89BC0F21671C244C40A9EA42893B508858AD6E1E26AC16F2BD507C3E8CBB3CF7
                                                                                                                                                                                                        SHA-512:F2FC9067EF11DC3B719507B97C76A19B9E976D143A2FD11474B8D2A2848A706AFCA316A95FEEBA644099497A95E1C426CDAB923D5A70619018E1543FEF3182DB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiloRRjQF78xUD\8ghN89CsjOW1Login Data For Account

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiloRRjQF78xUD\D87fZN3R3jFeWeb Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                                                        Entropy (8bit):1.137181696973627
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                                                                                                                                                        MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                                                                                                                                                        SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                                                                                                                                                        SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                                                                                                                                                        SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiloRRjQF78xUD\D87fZN3R3jFeplaces.sqlite

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5242880
                                                                                                                                                                                                        Entropy (8bit):0.03786218306281921
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWB2IGKhNbxrO3Dpvu2HI:58r54w0VW3xWB2ohFQ3Y2
                                                                                                                                                                                                        MD5:4BB4A37B8E93E9B0F5D3DF275799D45E
                                                                                                                                                                                                        SHA1:E27DF7CC49B0D145140C119A99C1BBAA9ECCE8F7
                                                                                                                                                                                                        SHA-256:89BC0F21671C244C40A9EA42893B508858AD6E1E26AC16F2BD507C3E8CBB3CF7
                                                                                                                                                                                                        SHA-512:F2FC9067EF11DC3B719507B97C76A19B9E976D143A2FD11474B8D2A2848A706AFCA316A95FEEBA644099497A95E1C426CDAB923D5A70619018E1543FEF3182DB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiloRRjQF78xUD\Ei8DrAmaYu9KLogin Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiloRRjQF78xUD\IWPfiAXUTJTSHistory

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                                                        Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiloRRjQF78xUD\KvHrxJ77cmUgLogin Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):51200
                                                                                                                                                                                                        Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                        MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                        SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                        SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                        SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiloRRjQF78xUD\QdX9ITDLyCRBWeb Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                                                        Entropy (8bit):1.137181696973627
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                                                                                                                                                        MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                                                                                                                                                        SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                                                                                                                                                        SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                                                                                                                                                        SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiloRRjQF78xUD\UPG2LoPXwc7OWeb Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                        Entropy (8bit):1.1215420383712111
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                                                                                                                                                        MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                                                                                                                                                        SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                                                                                                                                                        SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                                                                                                                                                        SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiloRRjQF78xUD\o0qT3dWYBP7ZHistory

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):155648
                                                                                                                                                                                                        Entropy (8bit):0.5722235462664532
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:+4SNcTWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kEhyH:+4whH+bDo3iN0Z2TVJkXBBE3ybX
                                                                                                                                                                                                        MD5:1968474357C08D14CC470D39862B04B7
                                                                                                                                                                                                        SHA1:F87D17CCDC95FD6285BC89D47F0663671E8C9489
                                                                                                                                                                                                        SHA-256:D1ACF466B1977DD89AEFAAFA7003435A907976902A1C64551BD2A905AD225A01
                                                                                                                                                                                                        SHA-512:E099C26DD2293ADA327AA060D12D68DB95E1726798335512C73717EBD87CF483C86E2C9C7A28A5180B7D5F7939A798070022AFA3CC14CA44F6CACC354244D4F6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiloRRjQF78xUD\oOPEmFmu_xsJCookies

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):0.848598812124929
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                                                                                                                                                        MD5:9664DAA86F8917816B588C715D97BE07
                                                                                                                                                                                                        SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                                                                                                                                                        SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                                                                                                                                                        SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiloRRjQF78xUD\suOrwW4ZcUbjWeb Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                        Entropy (8bit):1.1215420383712111
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                                                                                                                                                        MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                                                                                                                                                        SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                                                                                                                                                        SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                                                                                                                                                        SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\02zdBXl47cvzHistory

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                                                        Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\02zdBXl47cvzcookies.sqlite

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):98304
                                                                                                                                                                                                        Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\2jQJv37iJ0lzCookies

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                        MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                        SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                        SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                        SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\3b6N2Xdh3CYwWeb Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                                                        Entropy (8bit):1.137181696973627
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                                                                                                                                                        MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                                                                                                                                                        SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                                                                                                                                                        SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                                                                                                                                                        SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\3b6N2Xdh3CYwplaces.sqlite

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5242880
                                                                                                                                                                                                        Entropy (8bit):0.03786218306281921
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWB2IGKhNbxrO3Dpvu2HI:58r54w0VW3xWB2ohFQ3Y2
                                                                                                                                                                                                        MD5:4BB4A37B8E93E9B0F5D3DF275799D45E
                                                                                                                                                                                                        SHA1:E27DF7CC49B0D145140C119A99C1BBAA9ECCE8F7
                                                                                                                                                                                                        SHA-256:89BC0F21671C244C40A9EA42893B508858AD6E1E26AC16F2BD507C3E8CBB3CF7
                                                                                                                                                                                                        SHA-512:F2FC9067EF11DC3B719507B97C76A19B9E976D143A2FD11474B8D2A2848A706AFCA316A95FEEBA644099497A95E1C426CDAB923D5A70619018E1543FEF3182DB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\5iIJTbdsN2MJtwDonh3p.exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3022336
                                                                                                                                                                                                        Entropy (8bit):7.9880560786253945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:4EiAf3r5X+ExHBxogJPRgq2nDmidjfFkUZyTUPQEMPIjPG6qmyq:0Af3r5u5gJuq2D5vkwoEL66qlq
                                                                                                                                                                                                        MD5:4E7BB1C53BDB0DC1C445C882B17B1D62
                                                                                                                                                                                                        SHA1:69C709694DE4F709A9C0676EBA4C16210BEC83E2
                                                                                                                                                                                                        SHA-256:62DF400DADD4D3E31711058BF9D6F66FE3245DDC9FB873FE4FA5DF505EC9F55D
                                                                                                                                                                                                        SHA-512:43B837399C6997FE84A50F2119DCB49C6B2F656FE492E5EBC02672FCB9A564A6095F68958D20B78E513D844E2371087F2FCE2DCCEEC024EFB79C6ADB7B8CA120
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..................PE..L...N@.e...............".....`......(.............@.......................................@... .. .... .. .......... .........x....0..h...........................................................................................................................4..................@............p......."...8..............@............@...0.......Z..............@............0...p.......b..............@....................d...b..............@....rsrc....0...0...0..................@..@.........@y..`...(..................@....data.....".......".................@...................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\8ghN89CsjOW1Login Data For Account

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\CPgYvz9Aj0UjQFQxMO66.exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1908224
                                                                                                                                                                                                        Entropy (8bit):7.948331616403662
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:NlXjILQlWgl0SQw4G4ubdXsfVHfPiQtTZZv5:7FrSwdyVHfPrZ
                                                                                                                                                                                                        MD5:73B8BD940F0DA3278C79A58BC5B412E9
                                                                                                                                                                                                        SHA1:74A1851C04C5E8789AD5CD0C2B5C6A8C6C13CE35
                                                                                                                                                                                                        SHA-256:31F7CC0C7C8E0F820057997E878CB4A0E9B434C498A096FFF37E021909F164F0
                                                                                                                                                                                                        SHA-512:5D3E277413F71601EC70D32C02D324CA14A545739490F2420FFD3483BC6B88769690E5774B1A7B3DE7ED7D1AFAB341BB10C12F0417C103561BC2597DA17769EA
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*R..n3.@n3.@n3.@5[.A`3.@5[.A.3.@.^.A|3.@.^.Az3.@.^.A.3.@5[.Az3.@5[.A}3.@n3.@.3.@.].Ao3.@.]u@o3.@.].Ao3.@Richn3.@........................PE..L......e.............................0K...........@..........................`K...........@.................................Vp..j....`......................`.K...............................K..................................................... . .P..........................@....rsrc........`......................@....idata .....p......................@... ..*.........................@...pnqzgoyr......1.....................@...xzseijod..... K.....................@....taggant.0...0K.."..................@...................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\D87fZN3R3jFeWeb Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                                                        Entropy (8bit):1.137181696973627
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                                                                                                                                                        MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                                                                                                                                                        SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                                                                                                                                                        SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                                                                                                                                                        SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\D87fZN3R3jFeplaces.sqlite

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5242880
                                                                                                                                                                                                        Entropy (8bit):0.03786218306281921
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWB2IGKhNbxrO3Dpvu2HI:58r54w0VW3xWB2ohFQ3Y2
                                                                                                                                                                                                        MD5:4BB4A37B8E93E9B0F5D3DF275799D45E
                                                                                                                                                                                                        SHA1:E27DF7CC49B0D145140C119A99C1BBAA9ECCE8F7
                                                                                                                                                                                                        SHA-256:89BC0F21671C244C40A9EA42893B508858AD6E1E26AC16F2BD507C3E8CBB3CF7
                                                                                                                                                                                                        SHA-512:F2FC9067EF11DC3B719507B97C76A19B9E976D143A2FD11474B8D2A2848A706AFCA316A95FEEBA644099497A95E1C426CDAB923D5A70619018E1543FEF3182DB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\Ei8DrAmaYu9KLogin Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\IWPfiAXUTJTSHistory

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                                                        Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\KvHrxJ77cmUgLogin Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):51200
                                                                                                                                                                                                        Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                        MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                        SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                        SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                        SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\QdX9ITDLyCRBWeb Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                                                        Entropy (8bit):1.137181696973627
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                                                                                                                                                        MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                                                                                                                                                        SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                                                                                                                                                        SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                                                                                                                                                        SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\UPG2LoPXwc7OWeb Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                        Entropy (8bit):1.1215420383712111
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                                                                                                                                                        MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                                                                                                                                                        SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                                                                                                                                                        SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                                                                                                                                                        SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\XVBRN46YoSEg_PLvB4Ku.exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1742848
                                                                                                                                                                                                        Entropy (8bit):7.943497835417937
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:kNdrcn+MzzcDXU0vyqSMSs+LKSdYjYBT+p:kNdrEO/lSMZ+LK8q
                                                                                                                                                                                                        MD5:EBE3516415D8FD2E337044DB1EE9C027
                                                                                                                                                                                                        SHA1:09AAA949A171A683B1B26E64D41873131CE39F06
                                                                                                                                                                                                        SHA-256:F57072BF138C27A90FC15BABDA76C30144217A66FABAAF98337F2B12ACA9BC63
                                                                                                                                                                                                        SHA-512:B6D5C7598C86CD5BF1035D771512C419543AA8EFB91812D1CA7965060B8A3DAF48E7BC5ED60B535CE1ADAD170DBB7E94F6254C58655FE6E47AFE837D4DE02F11
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....$e.........."...0..$............E.. ...`....@.. ........................E.....f.....`.................................m........`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........6..............@... ..*..........8..............@...bszskcvh.`...`+..\...:..............@...qpnzysyi. ....E.....................@...................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\ZunTSaNJLBVfWeb Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                        Entropy (8bit):1.1215420383712111
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                                                                                                                                                        MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                                                                                                                                                        SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                                                                                                                                                        SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                                                                                                                                                        SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\o0qT3dWYBP7ZHistory

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):155648
                                                                                                                                                                                                        Entropy (8bit):0.5722235462664532
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:+4SNcTWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kEhyH:+4whH+bDo3iN0Z2TVJkXBBE3ybX
                                                                                                                                                                                                        MD5:1968474357C08D14CC470D39862B04B7
                                                                                                                                                                                                        SHA1:F87D17CCDC95FD6285BC89D47F0663671E8C9489
                                                                                                                                                                                                        SHA-256:D1ACF466B1977DD89AEFAAFA7003435A907976902A1C64551BD2A905AD225A01
                                                                                                                                                                                                        SHA-512:E099C26DD2293ADA327AA060D12D68DB95E1726798335512C73717EBD87CF483C86E2C9C7A28A5180B7D5F7939A798070022AFA3CC14CA44F6CACC354244D4F6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\oOPEmFmu_xsJCookies

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                        Entropy (8bit):0.848598812124929
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
                                                                                                                                                                                                        MD5:9664DAA86F8917816B588C715D97BE07
                                                                                                                                                                                                        SHA1:FAD9771763CD861ED8F3A57004C4B371422B7761
                                                                                                                                                                                                        SHA-256:8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
                                                                                                                                                                                                        SHA-512:E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\pSE1jchbiT9aHistory

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):155648
                                                                                                                                                                                                        Entropy (8bit):0.5722235462664532
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:+4SNcTWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kEhyH:+4whH+bDo3iN0Z2TVJkXBBE3ybX
                                                                                                                                                                                                        MD5:1968474357C08D14CC470D39862B04B7
                                                                                                                                                                                                        SHA1:F87D17CCDC95FD6285BC89D47F0663671E8C9489
                                                                                                                                                                                                        SHA-256:D1ACF466B1977DD89AEFAAFA7003435A907976902A1C64551BD2A905AD225A01
                                                                                                                                                                                                        SHA-512:E099C26DD2293ADA327AA060D12D68DB95E1726798335512C73717EBD87CF483C86E2C9C7A28A5180B7D5F7939A798070022AFA3CC14CA44F6CACC354244D4F6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\suOrwW4ZcUbjWeb Data

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                        Entropy (8bit):1.1215420383712111
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                                                                                                                                                        MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                                                                                                                                                        SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                                                                                                                                                        SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                                                                                                                                                        SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\v1VZ6nGHGXr580lMFhVz.exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                        Size (bytes):2316288
                                                                                                                                                                                                        Entropy (8bit):7.959810497724322
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:nuS+w88+aJg+TiXHRxvOAORFOUnoOtazwtJTKidc:bvmPxvOAg9nXazkT1
                                                                                                                                                                                                        MD5:4D4459649C8A83996BC9595CEA9E9F00
                                                                                                                                                                                                        SHA1:FCCB70F97C4072420DB9E768869D9AFEDD53ACE4
                                                                                                                                                                                                        SHA-256:9370B6DA84FC516B7673E0245645C7CDC9206080DE9C3B7DD93E4856ADB602E8
                                                                                                                                                                                                        SHA-512:DDFB616331B5F18BF5B0C0F49832B189AB69704A8AA421BAC04D77E489500E7BB21EB6FFB8F0A86B06763BD2D6C8C743F1C3D40AB9C86A18DF3ED0D88B1D16F4
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..........PE..L......e...............".....V........Y...........@...........................Y......;$...@.................................W...k....`...C.......................................................................................................... . .P..........................@....rsrc....C...`......................@....idata ............................@... ..+.........................@...ewxuruvs.0...P?..$..................@...oacrgbfp......Y......2#.............@....taggant.0....Y.."...6#.............@...................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\heidiy4k6Axf4h0vZ\x5MiuJIGTLsEg19UprNr.exe

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):918528
                                                                                                                                                                                                        Entropy (8bit):6.582329064958357
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:jqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgatTv:jqDEvCTbMWu7rQYlBQcBiT6rprG8apv
                                                                                                                                                                                                        MD5:17FEBB6CBC56CF10917289FA796F1554
                                                                                                                                                                                                        SHA1:7F63E5AE74CFBAA89BAC3DDD0A0595D95BBE4DF8
                                                                                                                                                                                                        SHA-256:ACB21F5BCE5D257B7A756F8215D3864A56F3994996023802E2A9130D1A921A05
                                                                                                                                                                                                        SHA-512:8BF1053B5BF18E3B5CD7DC67715BC304F09B9F910A634C441CADE0444EA8DA1CB8D98CD37626A50CCED94DF2B13FBF3B34C52801358C26CF0499CC5649B045AC
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 24%
                                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L......e.........."..........T......w.............@..........................`.......S....@...@.......@.....................d...|....@..X........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...X....@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                        MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                        SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                        SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                        SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\rage131MP.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                        Size (bytes):13
                                                                                                                                                                                                        Entropy (8bit):2.6235166412180155
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:L3DXXm/n:LDXW/
                                                                                                                                                                                                        MD5:9B77C7EC871386F6DFB408F843C0CA28
                                                                                                                                                                                                        SHA1:86EFF973582CA7763F7EFAB308321CE171ED737F
                                                                                                                                                                                                        SHA-256:10D5077F3C6B9BFA24B17D4C608A226804B27C8A4DB9D35739997D4A65D8DF4A
                                                                                                                                                                                                        SHA-512:F2F89705DEE7F4214D8ABBDF49DF5D7A90F6E28888E2F507510377FA8EDEB82A85B131E798AFFB40F826E9E5E663CC0CE06738DABB1616B3636993D053F92A51
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:1708533527000

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\7bb0534f-88f7-4076-a344-f70e90b97bf6.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):98996
                                                                                                                                                                                                        Entropy (8bit):7.702003651641397
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:+cQXinoKQoMGurcwFy3iTpv6zM39m3FPS:+cEUoKnfLvCCzM39m3FPS
                                                                                                                                                                                                        MD5:34F93FE5B54D7C652360BA28D94F8E66
                                                                                                                                                                                                        SHA1:31901469EADAD58B8BF99BBD9698E60ACDD7ABED
                                                                                                                                                                                                        SHA-256:10DC1ED2D8D9D4DB369DDF7FD6F53EFFC9BFD87F46AFDFC6C86CB637D2067A38
                                                                                                                                                                                                        SHA-512:9B86ACC2F5B92A75BD3028352F03DA10C6424C3514A3372A32EA8F60E79770D8B5AC5DBE0B45DD54B804C6EC79E1A1DBD887D0DF333DD253238DC30E6C5A1000
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:Cr24....f"........0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........;:[........o$..#Cb.G+.T.hI.9...M.J..u.:....13S..*...%...)Rd.rROmI#z_..sO6@...'/'..... \....5}k..R..2..22..?E.......r;E..Z...C.^.J...=.E.m..hb%{DiYnrD....T.....B.`Z..OCQf...."..P..7.W...D....}.E7P...uf........A.....s.L.!.......!.9..J..c\Ac\5.....[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. Z.......o...$k.Sz.i...9D..K.$.. -=C.}.b...P....;.._"...u..s2#..c".>...........|[..:.._...9...O2o.A`.D......D....4..t...euGOL..~...:.:....^...?..C6...8.....?~..M............?..c#.R.........SyU.R..7..L...6r.mk.U.u....X..Wa.o...".o..l...(.5.....t..o......Y..1Q...me....K.....{.~N=8_.:."G.....qq5...^.~....s'.4...re.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\128.png

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4982
                                                                                                                                                                                                        Entropy (8bit):7.929761711048726
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                        MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                        SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                        SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                        SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb*..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...*T.P.B...*Tx...=.Q..wv.w.....|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......|..}./.....e..,.K.1........W.u.v. ...\.o

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\af\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):908
                                                                                                                                                                                                        Entropy (8bit):4.512512697156616
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                        MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                        SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                        SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                        SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\am\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1285
                                                                                                                                                                                                        Entropy (8bit):4.702209356847184
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                        MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                        SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                        SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                        SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\ar\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1244
                                                                                                                                                                                                        Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                        MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                        SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                        SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                        SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\az\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):977
                                                                                                                                                                                                        Entropy (8bit):4.867640976960053
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                        MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                        SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                        SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                        SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\be\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3107
                                                                                                                                                                                                        Entropy (8bit):3.535189746470889
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                        MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                        SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                        SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                        SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\bg\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1389
                                                                                                                                                                                                        Entropy (8bit):4.561317517930672
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                        MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                        SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                        SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                        SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\bn\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1763
                                                                                                                                                                                                        Entropy (8bit):4.25392954144533
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                                                        MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                                                        SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                                                        SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                                                        SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\ca\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):930
                                                                                                                                                                                                        Entropy (8bit):4.569672473374877
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                                                        MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                                                        SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                                                        SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                                                        SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\cs\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):913
                                                                                                                                                                                                        Entropy (8bit):4.947221919047
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                                                                                                                                        MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                                                                                                                                        SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                                                                                                                                        SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                                                                                                                                        SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\cy\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):806
                                                                                                                                                                                                        Entropy (8bit):4.815663786215102
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                                                        MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                                                        SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                                                        SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                                                        SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\da\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):883
                                                                                                                                                                                                        Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                                                        MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                                                        SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                                                        SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                                                        SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\de\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1031
                                                                                                                                                                                                        Entropy (8bit):4.621865814402898
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                        MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                        SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                        SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                        SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\el\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1613
                                                                                                                                                                                                        Entropy (8bit):4.618182455684241
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                        MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                        SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                        SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                        SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\en\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):851
                                                                                                                                                                                                        Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                        MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                        SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                        SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                        SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\en_CA\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):851
                                                                                                                                                                                                        Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                        MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                        SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                        SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                        SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\en_GB\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):848
                                                                                                                                                                                                        Entropy (8bit):4.494568170878587
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                        MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                        SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                        SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                        SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\en_US\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1425
                                                                                                                                                                                                        Entropy (8bit):4.461560329690825
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                        MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                        SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                        SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                        SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\es\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):961
                                                                                                                                                                                                        Entropy (8bit):4.537633413451255
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                        MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                        SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                        SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                        SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\es_419\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):959
                                                                                                                                                                                                        Entropy (8bit):4.570019855018913
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                        MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                        SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                        SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                        SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\et\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):968
                                                                                                                                                                                                        Entropy (8bit):4.633956349931516
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                                                        MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                                                        SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                                                        SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                                                        SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\eu\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):838
                                                                                                                                                                                                        Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                                                        MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                                                        SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                                                        SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                                                        SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\fa\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1305
                                                                                                                                                                                                        Entropy (8bit):4.673517697192589
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                        MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                        SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                        SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                        SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\fi\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):911
                                                                                                                                                                                                        Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                                                        MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                                                        SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                                                        SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                                                        SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\fil\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):939
                                                                                                                                                                                                        Entropy (8bit):4.451724169062555
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                                                        MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                                                        SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                                                        SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                                                        SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\fr\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):977
                                                                                                                                                                                                        Entropy (8bit):4.622066056638277
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                        MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                        SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                        SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                        SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\fr_CA\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):972
                                                                                                                                                                                                        Entropy (8bit):4.621319511196614
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                        MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                        SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                        SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                        SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\gl\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):990
                                                                                                                                                                                                        Entropy (8bit):4.497202347098541
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                                                        MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                                                        SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                                                        SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                                                        SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\gu\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1658
                                                                                                                                                                                                        Entropy (8bit):4.294833932445159
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                                                        MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                                                        SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                                                        SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                                                        SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\hi\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1672
                                                                                                                                                                                                        Entropy (8bit):4.314484457325167
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                                                        MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                                                        SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                                                        SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                                                        SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\hr\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):935
                                                                                                                                                                                                        Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                        MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                        SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                        SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                        SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\hu\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1065
                                                                                                                                                                                                        Entropy (8bit):4.816501737523951
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                                                        MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                                                        SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                                                        SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                                                        SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\hy\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2771
                                                                                                                                                                                                        Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                        MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                        SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                        SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                        SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\id\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):858
                                                                                                                                                                                                        Entropy (8bit):4.474411340525479
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                        MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                        SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                        SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                        SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\is\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):954
                                                                                                                                                                                                        Entropy (8bit):4.631887382471946
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                                                                                                                                                                                        MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                                                                                                                                                                                        SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                                                                                                                                                                                        SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                                                                                                                                                                                        SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\it\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):899
                                                                                                                                                                                                        Entropy (8bit):4.474743599345443
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                        MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                        SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                        SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                        SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\iw\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2230
                                                                                                                                                                                                        Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                        MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                        SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                        SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                        SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\ja\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1160
                                                                                                                                                                                                        Entropy (8bit):5.292894989863142
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                        MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                        SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                        SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                        SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\ka\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3264
                                                                                                                                                                                                        Entropy (8bit):3.586016059431306
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                        MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                        SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                        SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                        SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\kk\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3235
                                                                                                                                                                                                        Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                        MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                        SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                        SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                        SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\km\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3122
                                                                                                                                                                                                        Entropy (8bit):3.891443295908904
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                        MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                        SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                        SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                        SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\kn\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1880
                                                                                                                                                                                                        Entropy (8bit):4.295185867329351
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                                                                                                                                                                                        MD5:8E16966E815C3C274EEB8492B1EA6648
                                                                                                                                                                                                        SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                                                                                                                                                                                        SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                                                                                                                                                                                        SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\ko\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1042
                                                                                                                                                                                                        Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                                                        MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                                                        SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                                                        SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                                                        SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\lo\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2535
                                                                                                                                                                                                        Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                                                        MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                                                        SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                                                        SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                                                        SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\lt\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1028
                                                                                                                                                                                                        Entropy (8bit):4.797571191712988
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                                                        MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                                                        SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                                                        SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                                                        SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\lv\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):994
                                                                                                                                                                                                        Entropy (8bit):4.700308832360794
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                                                        MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                                                        SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                                                        SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                                                        SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\ml\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2091
                                                                                                                                                                                                        Entropy (8bit):4.358252286391144
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                        MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                        SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                        SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                        SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\mn\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2778
                                                                                                                                                                                                        Entropy (8bit):3.595196082412897
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                        MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                        SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                        SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                        SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\mr\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1719
                                                                                                                                                                                                        Entropy (8bit):4.287702203591075
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                        MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                        SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                        SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                        SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\ms\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):936
                                                                                                                                                                                                        Entropy (8bit):4.457879437756106
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                        MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                        SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                        SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                        SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\my\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):3830
                                                                                                                                                                                                        Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                        MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                        SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                        SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                        SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\ne\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1898
                                                                                                                                                                                                        Entropy (8bit):4.187050294267571
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                        MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                        SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                        SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                        SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\nl\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):914
                                                                                                                                                                                                        Entropy (8bit):4.513485418448461
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                        MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                        SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                        SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                        SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\no\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):878
                                                                                                                                                                                                        Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                        MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                        SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                        SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                        SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\pa\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2766
                                                                                                                                                                                                        Entropy (8bit):3.839730779948262
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                        MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                        SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                        SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                        SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\pl\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):978
                                                                                                                                                                                                        Entropy (8bit):4.879137540019932
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                        MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                        SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                        SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                        SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\pt_BR\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):907
                                                                                                                                                                                                        Entropy (8bit):4.599411354657937
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                        MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                        SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                        SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                        SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\pt_PT\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):914
                                                                                                                                                                                                        Entropy (8bit):4.604761241355716
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                        MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                        SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                        SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                        SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\ro\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):937
                                                                                                                                                                                                        Entropy (8bit):4.686555713975264
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                        MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                        SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                        SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                        SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\ru\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1337
                                                                                                                                                                                                        Entropy (8bit):4.69531415794894
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                        MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                        SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                        SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                        SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\si\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2846
                                                                                                                                                                                                        Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                        MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                        SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                        SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                        SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\sk\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):934
                                                                                                                                                                                                        Entropy (8bit):4.882122893545996
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                        MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                        SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                        SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                        SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\sl\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):963
                                                                                                                                                                                                        Entropy (8bit):4.6041913416245
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                        MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                        SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                        SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                        SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\sr\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1320
                                                                                                                                                                                                        Entropy (8bit):4.569671329405572
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                        MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                        SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                        SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                        SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\sv\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):884
                                                                                                                                                                                                        Entropy (8bit):4.627108704340797
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                        MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                        SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                        SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                        SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\sw\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):980
                                                                                                                                                                                                        Entropy (8bit):4.50673686618174
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                                                        MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                                                        SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                                                        SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                                                        SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\ta\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1941
                                                                                                                                                                                                        Entropy (8bit):4.132139619026436
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                                                                        MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                                                                        SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                                                                        SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                                                                        SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\te\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1969
                                                                                                                                                                                                        Entropy (8bit):4.327258153043599
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                                                        MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                                                        SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                                                        SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                                                        SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\th\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1674
                                                                                                                                                                                                        Entropy (8bit):4.343724179386811
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                                                                        MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                                                                        SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                                                                        SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                                                                        SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\tr\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1063
                                                                                                                                                                                                        Entropy (8bit):4.853399816115876
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                                                                                                        MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                                                                                                        SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                                                                                                        SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                                                                                                        SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\uk\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1333
                                                                                                                                                                                                        Entropy (8bit):4.686760246306605
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                                                                                                        MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                                                                                                        SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                                                                                                        SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                                                                                                        SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\ur\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1263
                                                                                                                                                                                                        Entropy (8bit):4.861856182762435
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                                                        MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                                                        SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                                                        SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                                                        SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\vi\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1074
                                                                                                                                                                                                        Entropy (8bit):5.062722522759407
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                        MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                        SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                        SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                        SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\zh_CN\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):879
                                                                                                                                                                                                        Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                        MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                        SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                        SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                        SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\zh_HK\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1205
                                                                                                                                                                                                        Entropy (8bit):4.50367724745418
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                        MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                        SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                        SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                        SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\zh_TW\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):843
                                                                                                                                                                                                        Entropy (8bit):5.76581227215314
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                        MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                        SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                        SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                        SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_locales\zu\messages.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):912
                                                                                                                                                                                                        Entropy (8bit):4.65963951143349
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                        MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                        SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                        SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                        SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\_metadata\verified_contents.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):18518
                                                                                                                                                                                                        Entropy (8bit):5.709939179890619
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:cLjrY6QDAwrlbs3jiD1DisLSFqwAqmq9ayzDy:2jrSHbMjidLSFxA+ayfy
                                                                                                                                                                                                        MD5:05BEDDE10A35815204BEB8BADD3DB9B4
                                                                                                                                                                                                        SHA1:000E7E6984EDEF11E937929DB047FF6FCB87CB1E
                                                                                                                                                                                                        SHA-256:65A138E44834C8EE9D2946960C97D6FF3978874F4641A16568322B9318976151
                                                                                                                                                                                                        SHA-512:9F42514DBA8F11ED41041C68960B7538BADFC0CEC6AF01F885AB7197DA27CAE0EC0DE78E49D585612AC4B5C025C070EF4F03ED39E894D9699FFE887272487D07
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsiY2Fub25pY2FsX2pzb25fcm9vdF9oYXNoIjoiOE1xa2JXMkFQWkVpbzlQTHlYNVItT3o1bGs5a29sbnlWTWtvYlVabk15YyIsInBhdGgiOiJfbG9jYWxlcy9hZi9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoicWhJZ1d4Q0hVTS1mb0plRVlhYllpQjVPZ05vZ3FFYllKTnBBYWRuSkdFYyJ9LHsiY2Fub25pY2FsX2pzb25fcm9vdF9oYXNoIjoiV0E0cW96b3R5ZzJrcUpKU0FEYWNVMGNDbEdJYjlmMmp1ejhYalh0YUhybyIsInBhdGgiOiJfbG9jYWxlcy9hbS9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiWk9BYndwSzZMcUZwbFhiOHhFVTJjRWRTRHVpVjRwRE03aURDVEpNMjJPOCJ9LHsiY2Fub25pY2FsX2pzb25fcm9vdF9oYXNoIjoiQlk4QVRlUUktWHNqLWFSbVZfTi03dHVzUlJyQUNkU25yU3NhT2d3R3pTWSIsInBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsiY2Fub25pY2FsX2pzb25fcm9vdF9oYXNoIjoiX0pLU3pRcGk4TVczZE5WZldwN281STVjX09

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\dasherSettingSchema.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):854
                                                                                                                                                                                                        Entropy (8bit):4.284628987131403
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                        MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                        SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                        SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                        SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\eventpage_bin_prod.js

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3422)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):82471
                                                                                                                                                                                                        Entropy (8bit):5.379624543852408
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:1jejtmkYJ6fA5z4d+3+NOzChedbeZtk68cWcYuCKRLlGGwL:BvuTczCQbIZBY7L
                                                                                                                                                                                                        MD5:A7D0D56DF8E576C9CDE7DB6C11045CD7
                                                                                                                                                                                                        SHA1:EAFE0A7FE5217B254FCE57223A5C8F4A30B1B56A
                                                                                                                                                                                                        SHA-256:37FABD0B7AB065ECAF481064D770A2DBF61A8C23F6BE1E10D2085812ADB0EC8A
                                                                                                                                                                                                        SHA-512:66ACA2AA2BC4DB901250DA2DAD0202352D89CD8C1A16616F106FF73D0EED2E1EC4852940443BAFDFAAB264AF1185769B33E240BB94E8B263AA5B0D6AF16CFB10
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:'use strict';function m(){return function(){}}var p;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=ca(this);function t(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,g){this.g=f;ba(this,"description",{configurable:!

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\manifest.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2397
                                                                                                                                                                                                        Entropy (8bit):5.424093225335539
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1HEZ4qW4VlELb/KxktGu7VwELb/s2QDkUpvdlmF1exy/Otj1pSVvs:W7WsaLTKQGuxTLT2Rv3mves/OPpSVk
                                                                                                                                                                                                        MD5:A71CE16FE7E71948777A01794E461DE4
                                                                                                                                                                                                        SHA1:51310DF56DBDEC1329DB8946888A208B477712CA
                                                                                                                                                                                                        SHA-256:431EBF00F6BAB228FBAD80663CAAE73427516D6AB3D34939ECB6DCB5D0A566CC
                                                                                                                                                                                                        SHA-512:EAA2513BCA54F184083CD6E50738EF99D8C5C562075D5237E5B5A23DDA8DA694A7B0F0E9251C7C9A3BE2BD51614CCEBF32127F4CC9C49DDA9A7036434E7D5AAB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "persistent": false,.. "scripts": [ "eventpage_bin_prod.js" ].. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": "script-src 'self'; object-src 'self'",.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "matches": [ "htt

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_1515738679\CRX_INSTALL\page_embed_script.js

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):291
                                                                                                                                                                                                        Entropy (8bit):4.644891151983713
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK6M23:2Q8KVqb2u/Rt3OnjI
                                                                                                                                                                                                        MD5:EE9839F99DED6F38DC561DB846B51E80
                                                                                                                                                                                                        SHA1:DD2128A473C2FF47471400C81EFF416285DE606E
                                                                                                                                                                                                        SHA-256:06E08E421EB7F0FE7959D68E27D40A9146A54503090D95CFAC6F2FFD72A78769
                                                                                                                                                                                                        SHA-512:C8D77607F00CB8012CD056CE61CB77918EC43621270511303E09577F89CC57D4954E22E2C8C3FB1029AAE29F8142DAAE2E938CD5590AD0E5DE6DB1208AFEF874
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=2;}).call(this);.

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_486930789\75b3f957-baa7-4df8-81fb-d54b6414cf92.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11185
                                                                                                                                                                                                        Entropy (8bit):7.951995436832936
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                        MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                        SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                        SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                        SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_486930789\CRX_INSTALL\_metadata\verified_contents.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1753
                                                                                                                                                                                                        Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                        MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                        SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                        SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                        SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_486930789\CRX_INSTALL\content.js

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):9815
                                                                                                                                                                                                        Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                        MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                        SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                        SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                        SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_486930789\CRX_INSTALL\content_new.js

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10388
                                                                                                                                                                                                        Entropy (8bit):6.174387413738973
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                        MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                        SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                        SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                        SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\scoped_dir9736_486930789\CRX_INSTALL\manifest.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):962
                                                                                                                                                                                                        Entropy (8bit):5.698567446030411
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                        MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                        SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                        SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                        SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\tmpaddon

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):491284
                                                                                                                                                                                                        Entropy (8bit):7.997725234203649
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:12288:u8fhrUPE5+8TK1g9M6y5JJtuiA50eHgB2rAnavTQu:fZrUPE5I1g9M6yyZ0AgYra4Z
                                                                                                                                                                                                        MD5:09372174E83DBBF696EE732FD2E875BB
                                                                                                                                                                                                        SHA1:BA360186BA650A769F9303F48B7200FB5EACCEE1
                                                                                                                                                                                                        SHA-256:C32EFAC42FAF4B9878FB8917C5E71D89FF40DE580C4F52F62E11C6CFAB55167F
                                                                                                                                                                                                        SHA-512:B667086ED49579592D435DF2B486FE30BA1B62DDD169F19E700CD079239747DD3E20058C285FA9C10A533E34F22B5198ED9B1F92AE560A3067F3E3FEACC724F1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:PK...........V...,.}..........gmpopenh264.dll..|.U.8.I.....`....&l.Vpm.5Sf.N.(.."..YXY.%....V:;.......>....u.-...U....(.E.?*.ES.R..?...{'i...]}.}>._?Mr.....s.3s'....Ng.O0..m..?...z..4~{...w...H.\3{....U?*Y..K..+W.-K......,_i.g.k....NJLL.j0F..y..[?}1..........'.G^.#..^.C..{1.~..>.i..=............>}i.......h..h..t..O..^>w..PY.n.e.>...%Q.3....&H.d9....tqZ..pg3....G@u!.........[.4h....E.w.Y...~_1.^.#!f.+,.au......,._..:&...{N..1..~p..~?..DJ..T.".,.vR....u..P........8D;.,.BOp..........D..'...q*..l...;..6$.........9&.<.bU....dExynP..KK.........7~M.X....?.-Q..*.....zs......>..\...bv...y...s..+zN.Kr.(. .Ee.QRco.8..8.~..o..D.OT.5......O.gC.F.3..E......('..>......2Eu.5]l.t}.`...:j.....IW.u...J.....H.m.R.Tz.....O...*..Q...9..j.c.Uc...U8gD..q.^.3..|..Q.g[..Q6Q.q.....GBg..F[.\...D.C.?:1.}.../.t ..`.....}..........@...8c.G.....o. .......TyK.....sS.S..a.a..LR.0.k,.</;"...L.!WDp.M....8r..S..kq..o.0.m.-..,Z.[...>.G....P~.|.7TR...Ug.7.j......8Q>-.u..

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\wX6zn8pyLt2gpUsQYjkpSFK.zip

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2791
                                                                                                                                                                                                        Entropy (8bit):7.716838447268173
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:9ioaiX1+D0R7FQHVmPQPx+EoC/w2Tb0QAnjXShXJ678GRhTn3KJ6igkieOi77iDw:QCF+wR7FQHVdPfoCdynjChZzehT3KJZh
                                                                                                                                                                                                        MD5:344AE88CD4A0EB9FFD14FCD1A04B8C93
                                                                                                                                                                                                        SHA1:DDEACC56DA5E554B6B438D389BED26D88E8939CE
                                                                                                                                                                                                        SHA-256:0D7043896E8B3421E55D6F8161F12C622A2742D16EB4F981B8641CA18B168E1D
                                                                                                                                                                                                        SHA-512:816419086B3AAF9C071367B1C1B9BFCAFA721F79888DF31A65D7E9439F0EBF2FC031228EF3B7217292A741D16C0FCD25DA5E50358563C07C20F784DBA03F72F6
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                        • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\wX6zn8pyLt2gpUsQYjkpSFK.zip, Author: Joe Security
                                                                                                                                                                                                        Preview:PK..........UX................Cookies\..PK..........UX................Cookies\Chrome_Default.txt....@.@.H..E2o.)...i...f......L....D."e.moutw.8V}...WB..@#("D.F0".4.$.!.....?...Ny.m~.H...@...h....ee.2<..F.jZu..[)=.F.c.2Fh....J..rf...O..... .N...u5..H6[...o?.....e..I...,.i.h._h.F..............g...*...J'..YV..y....n...kF..uN.@.....i#x...:.eM..n.eT...s.\...S.P..4.ke.8(=...!..F.J..X...MLpL.H.'..[.'...X,........:.C.Hd.%.B....u:W.......n.....{..Fs...],...*.<.:...Dw.Vo/[.........PK..........UX. .j...........information.txt.XKs...kF..3.$s+./..VMd'.M.h,)n...EB2.)BCR~.......#...G....y|....vE...&.n.p...M.1aQ<...'ik.....]...Sc..L.N..\.....'c.X&..&.L.t$5..e./G...-.^.T.._.^...........c.L...Pe..>.........Fi-.Y.ZQ.L....2.Tpk........f.@.7..Umn.........f..h.y.rQ.6.UQ...k.gZ.}..U$ .8.B..>..+W...>...............Io..,-o.v..Is..S.c.C~.L....~.O..E..8......v$/f.%......4).'0ZT.{h....a.LkG.....p0q..5..n 1...!Q.=..:$.h.e.D.m..]o.qC......Z..5..hr6.|.OK......sZ...%.......E....=...

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5488
                                                                                                                                                                                                        Entropy (8bit):3.3165855229562404
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:0dfwkAv9TIUx2dWoM15JzLN8zm1dfwkAv9swM+bpoqdWoM15JzLFX1RgmrdfwkAR:0diSUgdwuzediy6BdwCcdiyadww1
                                                                                                                                                                                                        MD5:C87412386CCA22C9741BAE8D0F41E4FF
                                                                                                                                                                                                        SHA1:AE9E10C48D6F9C323B4005821B9A407C6832B86E
                                                                                                                                                                                                        SHA-256:131F88B95763A61762F886D1C55C267E9ECFACB3A4D49033C46F8BD72E1948B5
                                                                                                                                                                                                        SHA-512:A601CB870AE89D0DD52FE69C60223B4E76897533E72EEA8FC0BC649D31F8F532DDC329070DD64D87F301C99DF1A7E57D4B5D18082541473D1ABA9A8013D95B8E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...................................FL..................F.@.. ...p..........d..........S...........................P.O. .:i.....+00.../C:\.....................1.....EW.=..PROGRA~1..t......O.IUX.....B...............J.......z.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}WUX.............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}WUX...............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z.............S......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5488
                                                                                                                                                                                                        Entropy (8bit):3.3165855229562404
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:0dfwkAv9TIUx2dWoM15JzLN8zm1dfwkAv9swM+bpoqdWoM15JzLFX1RgmrdfwkAR:0diSUgdwuzediy6BdwCcdiyadww1
                                                                                                                                                                                                        MD5:C87412386CCA22C9741BAE8D0F41E4FF
                                                                                                                                                                                                        SHA1:AE9E10C48D6F9C323B4005821B9A407C6832B86E
                                                                                                                                                                                                        SHA-256:131F88B95763A61762F886D1C55C267E9ECFACB3A4D49033C46F8BD72E1948B5
                                                                                                                                                                                                        SHA-512:A601CB870AE89D0DD52FE69C60223B4E76897533E72EEA8FC0BC649D31F8F532DDC329070DD64D87F301C99DF1A7E57D4B5D18082541473D1ABA9A8013D95B8E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...................................FL..................F.@.. ...p..........d..........S...........................P.O. .:i.....+00.../C:\.....................1.....EW.=..PROGRA~1..t......O.IUX.....B...............J.......z.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}WUX.............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}WUX...............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z.............S......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6P3QSYFHVB61TL3I4ZA6.temp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5488
                                                                                                                                                                                                        Entropy (8bit):3.3165855229562404
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:0dfwkAv9TIUx2dWoM15JzLN8zm1dfwkAv9swM+bpoqdWoM15JzLFX1RgmrdfwkAR:0diSUgdwuzediy6BdwCcdiyadww1
                                                                                                                                                                                                        MD5:C87412386CCA22C9741BAE8D0F41E4FF
                                                                                                                                                                                                        SHA1:AE9E10C48D6F9C323B4005821B9A407C6832B86E
                                                                                                                                                                                                        SHA-256:131F88B95763A61762F886D1C55C267E9ECFACB3A4D49033C46F8BD72E1948B5
                                                                                                                                                                                                        SHA-512:A601CB870AE89D0DD52FE69C60223B4E76897533E72EEA8FC0BC649D31F8F532DDC329070DD64D87F301C99DF1A7E57D4B5D18082541473D1ABA9A8013D95B8E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...................................FL..................F.@.. ...p..........d..........S...........................P.O. .:i.....+00.../C:\.....................1.....EW.=..PROGRA~1..t......O.IUX.....B...............J.......z.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}WUX.............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}WUX...............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z.............S......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K6YA413QA7BL7PVSLXL6.temp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5488
                                                                                                                                                                                                        Entropy (8bit):3.3165855229562404
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:0dfwkAv9TIUx2dWoM15JzLN8zm1dfwkAv9swM+bpoqdWoM15JzLFX1RgmrdfwkAR:0diSUgdwuzediy6BdwCcdiyadww1
                                                                                                                                                                                                        MD5:C87412386CCA22C9741BAE8D0F41E4FF
                                                                                                                                                                                                        SHA1:AE9E10C48D6F9C323B4005821B9A407C6832B86E
                                                                                                                                                                                                        SHA-256:131F88B95763A61762F886D1C55C267E9ECFACB3A4D49033C46F8BD72E1948B5
                                                                                                                                                                                                        SHA-512:A601CB870AE89D0DD52FE69C60223B4E76897533E72EEA8FC0BC649D31F8F532DDC329070DD64D87F301C99DF1A7E57D4B5D18082541473D1ABA9A8013D95B8E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:...................................FL..................F.@.. ...p..........d..........S...........................P.O. .:i.....+00.../C:\.....................1.....EW.=..PROGRA~1..t......O.IUX.....B...............J.......z.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}WUX.............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}WUX...............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z.............S......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS131.lnk

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Wed Feb 21 15:38:37 2024, mtime=Wed Feb 21 15:38:37 2024, atime=Wed Feb 21 14:24:26 2024, length=1902080, window=hide
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1194
                                                                                                                                                                                                        Entropy (8bit):4.964040694103747
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:8UN2CSRwgK79Z/Uf9lI3AyBYjOYzD3v3Uwqygm:8UN2CSRGJZQnjL3v3myg
                                                                                                                                                                                                        MD5:7CA0C0A96EAAA8EF799002BB12367732
                                                                                                                                                                                                        SHA1:CE36A368C135D88F80EAB37301DE802604769D06
                                                                                                                                                                                                        SHA-256:9E1325EEB349F92CF1B2AD6312A63205D3660EB2D17A32CF1ACB717F2AC810E9
                                                                                                                                                                                                        SHA-512:3DC3954CAD64F96562ABF954D7884836F8164ED6E2EFEA1F03D33D1D3581E5C5E49644C1B9DA94D92DDBDE12BBACB5DA26B2CD2A7F4A6F114A46ED3076021842
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:L..................F.... ...G..j.d..g5.j.d......d.......................... .:..DG..Yr?.D..U..k0.&...&......Qg.*_...m...d....Gp.d......t...CFSF..1.....EW.=..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW.=UX...........................3*N.A.p.p.D.a.t.a...B.P.1.....UX.{..Local.<......EW.=UX............................3..L.o.c.a.l.....N.1.....UX...Temp..:......EW.=UX.............................#.T.e.m.p.....\.1.....UX...EDGEMS~1..D......UX.UX......<.....................;..E.d.g.e.M.S.1.3.1.....h.2.....UX.{ .EDGEMS~1.EXE..L......UX.UX......<....................3...E.d.g.e.M.S.1.3.1...e.x.e.......l...............-.......k.............S......C:\Users\user\AppData\Local\Temp\EdgeMS131\EdgeMS131.exe....E.d.g.e.M.S.1.3.1.4.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.M.S.1.3.1.\.E.d.g.e.M.S.1.3.1...e.x.e.........|....I.J.H..K..:...`.......X.......818225...........hT..CrF.f4... .JS......,......hT..CrF.f4... .JS......,..................1SPS.XF

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\ExperimentStoreData.json (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4514
                                                                                                                                                                                                        Entropy (8bit):4.940651530561321
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:8S+OcaPUFqOdwNIOdvtkeQjvYZUBLHU8P:8S+Oc+UAOdwiOdKeQjDLHU8P
                                                                                                                                                                                                        MD5:ACBDE20CAD0210A01F997E0A7ECD4B41
                                                                                                                                                                                                        SHA1:838CA09B110CA767C5CFFDFD095D170EC6DA30B2
                                                                                                                                                                                                        SHA-256:DEE04827C080FBB21A3204AAF2ABF2E175414E57AB8F5417D5D5CA4B6B884FCE
                                                                                                                                                                                                        SHA-512:5037AEEC79995582C70E2E395E9236134FDBA3234DD1E72B64C4354EA41C9CF1E22755235FA034DA7F622AE46535E2C800889CB9E9FBDAFAF2102044BB0D3A13
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-05T07:41:33.819Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"mixed-content-level-2-roll-out-release-113":{"slug":"mixed-content-level-2-roll-out-release-113","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\ExperimentStoreData.json.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4514
                                                                                                                                                                                                        Entropy (8bit):4.940651530561321
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:8S+OcaPUFqOdwNIOdvtkeQjvYZUBLHU8P:8S+Oc+UAOdwiOdKeQjDLHU8P
                                                                                                                                                                                                        MD5:ACBDE20CAD0210A01F997E0A7ECD4B41
                                                                                                                                                                                                        SHA1:838CA09B110CA767C5CFFDFD095D170EC6DA30B2
                                                                                                                                                                                                        SHA-256:DEE04827C080FBB21A3204AAF2ABF2E175414E57AB8F5417D5D5CA4B6B884FCE
                                                                                                                                                                                                        SHA-512:5037AEEC79995582C70E2E395E9236134FDBA3234DD1E72B64C4354EA41C9CF1E22755235FA034DA7F622AE46535E2C800889CB9E9FBDAFAF2102044BB0D3A13
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-05T07:41:33.819Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"mixed-content-level-2-roll-out-release-113":{"slug":"mixed-content-level-2-roll-out-release-113","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\Telemetry.FailedProfileLocks.txt

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:U:U
                                                                                                                                                                                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:1

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addonStartup.json.lz4 (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5318
                                                                                                                                                                                                        Entropy (8bit):6.62067557672702
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrwLUe:VTx2x2t0FDJ4NpwZMd0EJwLv
                                                                                                                                                                                                        MD5:A0DD0256A122A64D1C1A98C36F89F368
                                                                                                                                                                                                        SHA1:B82AF63B4A4261477DA4CD2AC34B4DD7BB5EBEA0
                                                                                                                                                                                                        SHA-256:EE9278644D02739D27E4FD9D8006AD49D9A0D80AD251BA2C3F144A408F65A9F3
                                                                                                                                                                                                        SHA-512:ED3AE377C1AD9E6694307CC60554665058541DD2BB80FEB1832616ACE39623E842DB3CD9153771ABD1874703DCBF4B81CABE050E2F2553D723A96A163AA41911
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addonStartup.json.lz4.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):5318
                                                                                                                                                                                                        Entropy (8bit):6.62067557672702
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrwLUe:VTx2x2t0FDJ4NpwZMd0EJwLv
                                                                                                                                                                                                        MD5:A0DD0256A122A64D1C1A98C36F89F368
                                                                                                                                                                                                        SHA1:B82AF63B4A4261477DA4CD2AC34B4DD7BB5EBEA0
                                                                                                                                                                                                        SHA-256:EE9278644D02739D27E4FD9D8006AD49D9A0D80AD251BA2C3F144A408F65A9F3
                                                                                                                                                                                                        SHA-512:ED3AE377C1AD9E6694307CC60554665058541DD2BB80FEB1832616ACE39623E842DB3CD9153771ABD1874703DCBF4B81CABE050E2F2553D723A96A163AA41911
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addons.json (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):24
                                                                                                                                                                                                        Entropy (8bit):3.91829583405449
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                        MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                        SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                        SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                        SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"schema":6,"addons":[]}

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addons.json.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):24
                                                                                                                                                                                                        Entropy (8bit):3.91829583405449
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                        MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                        SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                        SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                        SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"schema":6,"addons":[]}

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 8, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):229376
                                                                                                                                                                                                        Entropy (8bit):0.7363881042023731
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:w1zkVmvQhyn+Zoz67c0NlXMM6333Jp/LKXKN8qNotu:wOzMMaCc
                                                                                                                                                                                                        MD5:FD8F6C979E3FDF3359DC18B65A777DA3
                                                                                                                                                                                                        SHA1:9F1516D2D6AF1093033C74252429CD36812E269C
                                                                                                                                                                                                        SHA-256:3A74443B46929953C9F38993FCBAEA770E4F54AE43576EB2E0E909985166A4E3
                                                                                                                                                                                                        SHA-512:9B32D6CBE2AA6BE440DB6A736FA5FB9AD57B0872B421A159827CEBD6F27789234B6EEFCEF2EF4C6E412C4A10485C20502842FF4847F146D876395895AF47E3C9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j......z..{...{.{j{*z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db-journal

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite Rollback Journal
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):229944
                                                                                                                                                                                                        Entropy (8bit):0.6440604743545421
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:7xtwN4NlXMM6333Jp/LKXKN85H1zkVmvQhyn+Zoz67n:HzMMaC9G
                                                                                                                                                                                                        MD5:54AA002957CD43903B7EC95E73C05534
                                                                                                                                                                                                        SHA1:F4E7335CF0D6214492741FB72F388128B73CB61E
                                                                                                                                                                                                        SHA-256:40F32B06523694BE356C5F28A4AFD21CF44657386FB3EB84AC3E1BD4C7FB20E7
                                                                                                                                                                                                        SHA-512:CA9855D46EF083B8E453660B39B93B38F1829EA1C93771475ACE1151D368E84B7FD5F2A4897F3A295DF41228890B0A4A3C0144AC922303F053CE57F1E0F71913
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.... .c.....$.d...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................k............k................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\content-prefs.sqlite

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):262144
                                                                                                                                                                                                        Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                        MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                        SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                        SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                        SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\content-prefs.sqlite-journal

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite Rollback Journal
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):33288
                                                                                                                                                                                                        Entropy (8bit):0.3090119015482571
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:7+tMn6LCvwae+Q8Uu50xj0aWe9LxYkKA25Q5T:7MC6awae+QtMImelekKDa5T
                                                                                                                                                                                                        MD5:17021D6C42397B938831FF798A570D6B
                                                                                                                                                                                                        SHA1:07B023FC7337F697F40126B49252655E545690FD
                                                                                                                                                                                                        SHA-256:7940DBFA5C7B2BC732E63B921D53A4951778C650DE12247FA020AE91C47D36F6
                                                                                                                                                                                                        SHA-512:FD15E2540C5328E2A92A802EA41707A85D31FAC4E5752313C0DC99881F6CDC4B1B0B1171AA3894194D39110E5C8391F0C2D5473B782C91ED722EECCDBD1D9D7C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.... .c.....W.U.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.............................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.03906759305224382
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:G68lVkQo5vot68lVkQo53/l+Ra9//9lklklallltZllllll:G6UkjWt6UkjL+89Xal
                                                                                                                                                                                                        MD5:B8A5E00D7D96BCF984E467DEA7373DCD
                                                                                                                                                                                                        SHA1:4AFAC5074EA6767337AFAEE7270178223E44C0DD
                                                                                                                                                                                                        SHA-256:60947659E6F7103CE6F475F015658265464637D68975CF1196F34D4288D26870
                                                                                                                                                                                                        SHA-512:4553365EE058E3D70D3D56B5A8FD7760362BD72AE3EE37E3CD784740BF2C22F18999346202BE5E6B303742943743F619981F66B8A19504640E2DE252351A49A7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..-.........................z..*..9..f}^....a..-.........................z..*..9..f}^....a........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-wal

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):163992
                                                                                                                                                                                                        Entropy (8bit):0.06516097688696225
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:Kh1U09QFH5CuLuozLm1U0eHoGU1FFH5hLuozLa1A:EU0SFZCCuoHWU0MoGUPFZZuoHCA
                                                                                                                                                                                                        MD5:092D4E3F383953A27C9D1EFF2FD4B914
                                                                                                                                                                                                        SHA1:07AC3066B4299543857BEC69D3C5D1C0A1079311
                                                                                                                                                                                                        SHA-256:625E5B973346C091C638A292708D043F33BEBB7A3286655E82CF2DFA2307131C
                                                                                                                                                                                                        SHA-512:B3B64E64E5B4E8DD95A265CCFEBD4E8E3C913A19C8D232C3E1ACFA663D22774F5518C92DA6CAEE944F92AFD614BC0903DD6D2D51A07FF9B7CEA4600DF89B5C87
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:7....-..........*..9..f...=.jI.........*..9..f.......L................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\store.json.mozlz4 (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):66
                                                                                                                                                                                                        Entropy (8bit):4.837595020998689
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                        MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                        SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                        SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                        SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\store.json.mozlz4.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):66
                                                                                                                                                                                                        Entropy (8bit):4.837595020998689
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                        MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                        SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                        SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                        SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\aborted-session-ping (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):49787
                                                                                                                                                                                                        Entropy (8bit):5.24522500141581
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:8JXOVDueRkaZJ1qymnoxx9ooEu/pVDd44NhnzFSJ2RD:8V8CeeYygPpVDJNhnzFSJW
                                                                                                                                                                                                        MD5:3EC6292AE0172F42C53D4DF34B175280
                                                                                                                                                                                                        SHA1:434F4A0BBAFF4675CF69C7F0A7A44D2EA8D139D1
                                                                                                                                                                                                        SHA-256:9CA7BBBB62AAF2B2D7FB20F93F655E5A35546DD3972B866CBD0EEC808D2CBBAD
                                                                                                                                                                                                        SHA-512:DC36F13B6AA77AD1D4D50E305F08E84FF388824B39F3A97C7B7A7D09256BCAA2E8BC9A99387349B714781CB6BA8D057D12E68C2159286892D29187B3D297D93F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"type":"main","id":"17eab5af-2fcd-471d-bdd7-a08b5bf7b7b8","creationDate":"2024-02-21T17:54:03.289Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"ver":4,"simpleMeasurements":{"totalTime":8971,"start":4446917,"main":4448046,"selectProfile":4448137,"afterProfileLocked":4448140,"startupCrashDetectionBegin":4451818,"firstPaint":4457289,"firstPaint2":4456619,"sessionRestoreInit":4453694,"sessionRestored":4488760,"createTopLevelWindow":4452370,"AMI_startup_begin":8898299,"XPI_startup_begin":8898307,"XPI_bootstrap_addons_begin":8898318,"XPI_bootstrap_addons_end":8898655,"XPI_startup_end":8898655,"AMI_startup_end":8898656,"XPI_finalUIStartup":8900107,"sessionRestoreInitialized":8900119,"delayedStartupStarted":8930694,"delayedStartupFinished":8933558,"startupInterrupted":0,"debuggerAttached":0,"s

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\aborted-session-ping.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):49787
                                                                                                                                                                                                        Entropy (8bit):5.24522500141581
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:8JXOVDueRkaZJ1qymnoxx9ooEu/pVDd44NhnzFSJ2RD:8V8CeeYygPpVDJNhnzFSJW
                                                                                                                                                                                                        MD5:3EC6292AE0172F42C53D4DF34B175280
                                                                                                                                                                                                        SHA1:434F4A0BBAFF4675CF69C7F0A7A44D2EA8D139D1
                                                                                                                                                                                                        SHA-256:9CA7BBBB62AAF2B2D7FB20F93F655E5A35546DD3972B866CBD0EEC808D2CBBAD
                                                                                                                                                                                                        SHA-512:DC36F13B6AA77AD1D4D50E305F08E84FF388824B39F3A97C7B7A7D09256BCAA2E8BC9A99387349B714781CB6BA8D057D12E68C2159286892D29187B3D297D93F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"type":"main","id":"17eab5af-2fcd-471d-bdd7-a08b5bf7b7b8","creationDate":"2024-02-21T17:54:03.289Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"ver":4,"simpleMeasurements":{"totalTime":8971,"start":4446917,"main":4448046,"selectProfile":4448137,"afterProfileLocked":4448140,"startupCrashDetectionBegin":4451818,"firstPaint":4457289,"firstPaint2":4456619,"sessionRestoreInit":4453694,"sessionRestored":4488760,"createTopLevelWindow":4452370,"AMI_startup_begin":8898299,"XPI_startup_begin":8898307,"XPI_bootstrap_addons_begin":8898318,"XPI_bootstrap_addons_end":8898655,"XPI_startup_end":8898655,"AMI_startup_end":8898656,"XPI_finalUIStartup":8900107,"sessionRestoreInitialized":8900119,"delayedStartupStarted":8930694,"delayedStartupFinished":8933558,"startupInterrupted":0,"debuggerAttached":0,"s

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\db\data.safe.bin (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Matlab v4 mat-file (little endian) g, rows 0, columns 1025
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):7047
                                                                                                                                                                                                        Entropy (8bit):4.390104316362124
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:PubQHnoNEEyEuu9OSSF9nbkW6cSiW3trpZCAXBewP/PVeHpO1:mYu9O9vnbocSiqewPVeJg
                                                                                                                                                                                                        MD5:5E04BEA63B52308411E12F50C76AD5A6
                                                                                                                                                                                                        SHA1:263E6A332B5771D6DD27684A889ECB976CC4AC1F
                                                                                                                                                                                                        SHA-256:1F4E5E1E08EA08AA5E76B122B30867146792B83D56F183D306FA7EA80CB86554
                                                                                                                                                                                                        SHA-512:0963E2B03557E5D07DD6ACA49811EDE11925129980DB9A298FFFD382A1DA70AF18A9B3100856774D5707B296E94D492F7DD63AEF44689D5CC934387932264C8C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.................ping.....................user....................glean_client_info#client_id9........0...........$.......114b232f-58b0-42d5-93f4-6b8fa6718b07 .......glean_client_info#first_run_date<........3...........#.......2023-10-05T08:41:27.555066300+01:00....%.......glean_internal_info#baseline#sequence.........................".......glean_internal_info#baseline#start<........3...........#.......2024-02-21T18:54:05.539462800+01:00............glean_internal_info#dirtybit......................#.......glean_internal_info#events#sequence......................... .......glean_internal_info#events#start<........3...........#.......2024-02-21T18:53:51.166395100+01:00....-.......glean_internal_info#messaging-system#sequence.........................*.......glean_internal_info#messaging-system#start<........3...........#.......2024-02-21T18:54:05.850285600+01:00....$.......glean_internal_info#metrics#sequence.........................!.......glean_internal_info#metrics#start<........3....

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\db\data.safe.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Matlab v4 mat-file (little endian) g, rows 0, columns 1025
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):7047
                                                                                                                                                                                                        Entropy (8bit):4.390104316362124
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:PubQHnoNEEyEuu9OSSF9nbkW6cSiW3trpZCAXBewP/PVeHpO1:mYu9O9vnbocSiqewPVeJg
                                                                                                                                                                                                        MD5:5E04BEA63B52308411E12F50C76AD5A6
                                                                                                                                                                                                        SHA1:263E6A332B5771D6DD27684A889ECB976CC4AC1F
                                                                                                                                                                                                        SHA-256:1F4E5E1E08EA08AA5E76B122B30867146792B83D56F183D306FA7EA80CB86554
                                                                                                                                                                                                        SHA-512:0963E2B03557E5D07DD6ACA49811EDE11925129980DB9A298FFFD382A1DA70AF18A9B3100856774D5707B296E94D492F7DD63AEF44689D5CC934387932264C8C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.................ping.....................user....................glean_client_info#client_id9........0...........$.......114b232f-58b0-42d5-93f4-6b8fa6718b07 .......glean_client_info#first_run_date<........3...........#.......2023-10-05T08:41:27.555066300+01:00....%.......glean_internal_info#baseline#sequence.........................".......glean_internal_info#baseline#start<........3...........#.......2024-02-21T18:54:05.539462800+01:00............glean_internal_info#dirtybit......................#.......glean_internal_info#events#sequence......................... .......glean_internal_info#events#start<........3...........#.......2024-02-21T18:53:51.166395100+01:00....-.......glean_internal_info#messaging-system#sequence.........................*.......glean_internal_info#messaging-system#start<........3...........#.......2024-02-21T18:54:05.850285600+01:00....$.......glean_internal_info#metrics#sequence.........................!.......glean_internal_info#metrics#start<........3....

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\background-update

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):699
                                                                                                                                                                                                        Entropy (8bit):4.672095187448186
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:YsDhIuZJca575/61pVRQDaKIurPpgRKk+8dJFbDaKIurPpgRKkK9efJQ8l:YSlMizDaAtmdHbDaAtqf1l
                                                                                                                                                                                                        MD5:6651360CB1FC07CA26C16ACC9762A7A2
                                                                                                                                                                                                        SHA1:B4360A91E723480E65627085D61B9B76821F282E
                                                                                                                                                                                                        SHA-256:8E70FC6B20A6F23950F6993B7A10284F0E4D37CA36C884B419A0B5DB1D1354F1
                                                                                                                                                                                                        SHA-512:1146791BC2CECDB52D5A9489E3FFA6B9C16A6D8CE6EA39F9BF8E0FA6957308AA18F667A007759B9787C37E57AFA4E04705388DBD29CCA7C3F5BE5A6A26DB7666
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"timestamp":56151,"category":"nimbus_events","name":"enrollment","extra":{"experiment":"extensions-migration-in-import-wizard-116-rollout","experiment_type":"rollout","enrollment_id":"53f584c1-60fd-48ff-b0a3-e2dbb8fc6c64","branch":"control"}}.{"timestamp":58492,"category":"nimbus_events","name":"validation_failed","extra":{"experiment":"next-generation-accessibility-engine-powering-screen-readers","reason":"invalid-feature","feature":"accessibilityCache"}}.{"timestamp":58492,"category":"nimbus_events","name":"validation_failed","extra":{"experiment":"next-generation-accessibility-engine-powering-screen-readers-and-other-ats-copy","feature":"accessibilityCache","reason":"invalid-feature"}}.

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\events

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):773
                                                                                                                                                                                                        Entropy (8bit):4.675492210200253
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:YsDJIem1DhIuZJca575/61pVRQDaKIurPpgRKk+8dJFbDaKIurPpgRKkK9efJQ8l:YSgDlMizDaAtmdHbDaAtqf1l
                                                                                                                                                                                                        MD5:C21C334EFC3327375143459194973D21
                                                                                                                                                                                                        SHA1:A772EE073FEA4A906063B7049BCD825474BC5DE3
                                                                                                                                                                                                        SHA-256:E5E433BF473B5B36F29EFAD08B6D6BEF4E7B1C99A3C54B21E8A7CE7E7814130D
                                                                                                                                                                                                        SHA-512:6D4A3ECBB55E369807FB6FE91882C04E8BE47CD6656B2D162EEB49FF1DC53FBE00297A37AC1F2CF624442456E3BF1559370C42C27D383D06DAA4066C28DE7627
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"timestamp":0,"category":"fog.validation","name":"validate_early_event"}.{"timestamp":56151,"category":"nimbus_events","name":"enrollment","extra":{"experiment":"extensions-migration-in-import-wizard-116-rollout","experiment_type":"rollout","enrollment_id":"53f584c1-60fd-48ff-b0a3-e2dbb8fc6c64","branch":"control"}}.{"timestamp":58492,"category":"nimbus_events","name":"validation_failed","extra":{"experiment":"next-generation-accessibility-engine-powering-screen-readers","reason":"invalid-feature","feature":"accessibilityCache"}}.{"timestamp":58492,"category":"nimbus_events","name":"validation_failed","extra":{"experiment":"next-generation-accessibility-engine-powering-screen-readers-and-other-ats-copy","feature":"accessibilityCache","reason":"invalid-feature"}}.

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\292d3bdb-fe64-4637-b000-944223e00c80 (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (10871)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10942
                                                                                                                                                                                                        Entropy (8bit):4.710792179690498
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:rcSSbv1vMUV0aFC04+uY4GWFv+xVqFEoxfRQbFaw1CF2nR5nRxs2Al3JBF:rchd0akh+WoMBJ
                                                                                                                                                                                                        MD5:7F7E627D88F339EDEED8FB6E5821A90C
                                                                                                                                                                                                        SHA1:0ABE03686F6AFCAAE58AE9C15494382A69CB2200
                                                                                                                                                                                                        SHA-256:4FD37E99849F7593B2580A1F02C1EA6863EE1FC5078F7D6CD41A951BF43A202B
                                                                                                                                                                                                        SHA-512:A07F4A7A674B5F64223112E31EE23B2EE352071A896FD076D2C293471FA90428DE460D01CF3846268EE8E6811B47DD62073CC801D6A73B89B39DA2149B81266E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:/submit/firefox-desktop/metrics/1/292d3bdb-fe64-4637-b000-944223e00c80.{"ping_info":{"seq":0,"start_time":"2024-02-21T18:53+01:00","end_time":"2024-02-21T18:53+01:00","reason":"overdue","experiments":{"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","type":"nimbus-rollout"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"c28444ff-7dd9-44a7-89a4-e9c2a143dc6a"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"8bbe8fef-783c-4996-97d6-51c14ebb316a"}},"mixed-content-level-2-roll-out-release-113":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"dada65c4-af36-4acf-bf51-6fa3cea7c6fa"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","app_build":"20230927232528","locale":"en-US","os":"Windows","app_channel":"release","os_version":"10.0","app_display_version":"118.0.1","architecture":"x86_64","client_id":

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\3e6f0371-71b6-4f22-a51b-cd59a6a2f8d6 (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2821)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2891
                                                                                                                                                                                                        Entropy (8bit):4.918564446667
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:qj4SoWLuTSSbXt2iODgUCWpZ3mzqhjS6SeyXt2LdWLp4gcpgn8Z:qjsTSSjtXODkM32eW6Sftq1PZ
                                                                                                                                                                                                        MD5:5C1A17E1004694FD1ABF3C35AD03FE2E
                                                                                                                                                                                                        SHA1:39BC31EF6FAD61219312EC7F8FA1AF9859377591
                                                                                                                                                                                                        SHA-256:4E90D99556425888CF9942B2D079A79328144DA7525F7F211B1CABFB1345C832
                                                                                                                                                                                                        SHA-512:0D2F8A3C7C30DA03FE6BBF06782B935242D440982BE8F8E50DD5F1707A3AF39F42F9E3EEEFFD446B5D0A47F3289CCB309E6785A5528DE042319DF1F69D380299
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:/submit/firefox-desktop/events/1/3e6f0371-71b6-4f22-a51b-cd59a6a2f8d6.{"ping_info":{"seq":1,"start_time":"2023-10-05T08:41+01:00","end_time":"2024-02-21T18:53+01:00","reason":"startup","experiments":{"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"c28444ff-7dd9-44a7-89a4-e9c2a143dc6a"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","type":"nimbus-rollout"}},"mixed-content-level-2-roll-out-release-113":{"branch":"control","extra":{"enrollmentId":"dada65c4-af36-4acf-bf51-6fa3cea7c6fa","type":"nimbus-rollout"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"8bbe8fef-783c-4996-97d6-51c14ebb316a"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","first_run_date":"2023-10-05+01:00","build_date":"1970-01-01T00:00:00+00:00","client_id":"114b232f-58b0-42d5-93f4-6b8fa6718b07","windows_build_number":19045,"os":"Windows","a

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\6eaf15b3-37e6-4847-a3b7-7d2bd47e311a (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (872)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):942
                                                                                                                                                                                                        Entropy (8bit):4.998657019470945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:BGjE69FULnjlRdTAa1gChBps5wZLNYGAuYOH:oE4FU7uyBpsuGOH
                                                                                                                                                                                                        MD5:D7FE95959CDB44CC7E757A47264E3A29
                                                                                                                                                                                                        SHA1:1638A0EF88596B63D5CD2CE6C9680B69EB3ECE50
                                                                                                                                                                                                        SHA-256:76AAA2BD6397A6ABD5F9D41D9E1C5CE77B444E0B874271DEA8DFBFAEA3246DB0
                                                                                                                                                                                                        SHA-512:E7ED6E38A45F50CA4E32FFDA7DFE0D41A96C278ED150EEEDCA938A848F748C418C4575E19528F8B9CF4465E180C99AF6B69749151220F999CB2EB1974A70E8C0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:/submit/firefox-desktop/newtab/1/6eaf15b3-37e6-4847-a3b7-7d2bd47e311a.{"ping_info":{"seq":4,"start_time":"2023-10-05T08:41+01:00","end_time":"2024-02-21T18:54+01:00","reason":"component_init"},"client_info":{"telemetry_sdk_build":"53.2.0","build_date":"1970-01-01T00:00:00+00:00","first_run_date":"2023-10-05+01:00","app_build":"20230927232528","locale":"en-US","os_version":"10.0","app_display_version":"118.0.1","architecture":"x86_64","os":"Windows","app_channel":"release","client_id":"114b232f-58b0-42d5-93f4-6b8fa6718b07","windows_build_number":19045},"metrics":{"boolean":{"topsites.enabled":true,"newtab.search.enabled":true,"pocket.is_signed_in":false,"pocket.sponsored_stories_enabled":true,"pocket.enabled":true,"topsites.sponsored_enabled":true},"string_list":{"newtab.blocked_sponsors":[]},"quantity":{"topsites.rows":1},"string":{"newtab.locale":"en-US","newtab.homepage_category":"enabled","newtab.newtab_category":"enabled"}}}

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\8b9e6c29-c82f-4f95-ae4b-309ad7e58d80 (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1531)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1611
                                                                                                                                                                                                        Entropy (8bit):5.081692507781077
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:aN4KHSajgWL+ODmQVXt2zUwj4BpECpoOacTZwY:YZSajoODxttWGE2ojcTZwY
                                                                                                                                                                                                        MD5:92CF4AD8F92E2373EDEADE46FC03AED0
                                                                                                                                                                                                        SHA1:F209AC1DD8E86BD0D33FE2FC921042BF18DED214
                                                                                                                                                                                                        SHA-256:108920D9B82AB3FBCBB882A1295CB65AD1CA36C512A69797261A33EF03779204
                                                                                                                                                                                                        SHA-512:5F76F3A43752A23A411CA32F235AD76CBFFDA985E3D6C34A85F496680015304E00C16E6D9BD9C32D34F1935A7B6C702CB646CA622B99968729B601EC65683A58
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:/submit/firefox-desktop/messaging-system/1/8b9e6c29-c82f-4f95-ae4b-309ad7e58d80.{"ping_info":{"seq":20,"start_time":"2023-10-05T08:41+01:00","end_time":"2024-02-21T18:54+01:00","experiments":{"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"type":"nimbus-rollout","enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"enrollmentId":"c28444ff-7dd9-44a7-89a4-e9c2a143dc6a","type":"nimbus-rollout"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"8bbe8fef-783c-4996-97d6-51c14ebb316a"}},"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"enrollmentId":"53f584c1-60fd-48ff-b0a3-e2dbb8fc6c64","type":"nimbus-rollout"}},"mixed-content-level-2-roll-out-release-113":{"branch":"control","extra":{"enrollmentId":"dada65c4-af36-4acf-bf51-6fa3cea7c6fa","type":"nimbus-rollout"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","first_run_date":"202

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\ba1afd8d-4412-40e5-ae98-e5fe51056fac (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1549)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1629
                                                                                                                                                                                                        Entropy (8bit):5.09696586089344
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:fO9KuZwODfSajgWL4Xt2zU3jFBpEC+aT+ZW+v7g:fKwODfSaj2txFEIT+ZW+vk
                                                                                                                                                                                                        MD5:D2A95D0CF219826F1D64A52AD6DCCB78
                                                                                                                                                                                                        SHA1:EEB9762AD0E1CB0F58B1392FB6DB677F6A042B20
                                                                                                                                                                                                        SHA-256:ADFEC46EF76055007A5E249A93844E4CCEC00C4F6B7347EA2BD40B0B2791E2B2
                                                                                                                                                                                                        SHA-512:76AEAFCBF7EF8BFA2F08FE9E369724D6595D6E1AEE984CBCD189F5EA5E031E67D33209470E437D324C5BEE5E3F7010CC5F0EA25365804EC00053C6C391DC9256
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:/submit/firefox-desktop/messaging-system/1/ba1afd8d-4412-40e5-ae98-e5fe51056fac.{"ping_info":{"seq":22,"start_time":"2024-02-21T18:54+01:00","end_time":"2024-02-21T18:54+01:00","experiments":{"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"53f584c1-60fd-48ff-b0a3-e2dbb8fc6c64"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"8bbe8fef-783c-4996-97d6-51c14ebb316a"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"type":"nimbus-rollout","enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"enrollmentId":"c28444ff-7dd9-44a7-89a4-e9c2a143dc6a","type":"nimbus-rollout"}},"mixed-content-level-2-roll-out-release-113":{"branch":"control","extra":{"enrollmentId":"dada65c4-af36-4acf-bf51-6fa3cea7c6fa","type":"nimbus-rollout"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","os":"Windows","app_c

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\d55abb42-9def-4184-8360-9200b963b079 (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1549)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1629
                                                                                                                                                                                                        Entropy (8bit):5.10458366234033
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:89KuQJSSUWL4Xt2i8gdUk7UgAEC+aZj+m+v7g:9JSSKtX8FzEIZj+m+vk
                                                                                                                                                                                                        MD5:1789A0E7BF4B9C2452AD51FAC97145D0
                                                                                                                                                                                                        SHA1:3894967EBAC097A20856BF0D87038F983BAB5899
                                                                                                                                                                                                        SHA-256:4EF7ACA3E9A7B89B4F583D8A00810D9AA02171BF3BFB6E606703C1001BCE2ECC
                                                                                                                                                                                                        SHA-512:E33E9B768DFF1F445DE87D0AAFCB341B23DC074ED5BA78E16D89C21963541DE5FCBF79B0DDDC211350AD22CD841BCEF4684C1692F432DDF40888179A2589BAA8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:/submit/firefox-desktop/messaging-system/1/d55abb42-9def-4184-8360-9200b963b079.{"ping_info":{"seq":21,"start_time":"2024-02-21T18:54+01:00","end_time":"2024-02-21T18:54+01:00","experiments":{"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"enrollmentId":"53f584c1-60fd-48ff-b0a3-e2dbb8fc6c64","type":"nimbus-rollout"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","type":"nimbus-rollout"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"enrollmentId":"c28444ff-7dd9-44a7-89a4-e9c2a143dc6a","type":"nimbus-rollout"}},"mixed-content-level-2-roll-out-release-113":{"branch":"control","extra":{"enrollmentId":"dada65c4-af36-4acf-bf51-6fa3cea7c6fa","type":"nimbus-rollout"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"enrollmentId":"8bbe8fef-783c-4996-97d6-51c14ebb316a","type":"nimbus-rollout"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","windows_build_number

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\fb6735ef-577d-4aa6-9fbf-47c63133e3e9 (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1511)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1583
                                                                                                                                                                                                        Entropy (8bit):5.029678657167313
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:Q14CHSSKQVUet2LWLuL8gdUG/lUBpboLpzy:GBSSd6etAL8ItS0LBy
                                                                                                                                                                                                        MD5:7BBEBD1CD5949B0E6C5D555D798587E6
                                                                                                                                                                                                        SHA1:72EF372D8C3DF0A24F69DE5E7DE996A9BCDF648B
                                                                                                                                                                                                        SHA-256:CABECB088F330423989B6ECADD2016EEF319E8F5CD124C280E69C5FB1FF0FAB0
                                                                                                                                                                                                        SHA-512:F1C603E8D45B740117E7EDC122CEB9694552A28BF3140D2DF06E741B2881BAB2572BE885B2EEA4E6941FAD9A8A634BB16E8574BAD5107F94A9D8A95E6EE32339
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:/submit/firefox-desktop/baseline/1/fb6735ef-577d-4aa6-9fbf-47c63133e3e9.{"ping_info":{"seq":2,"start_time":"2023-10-05T08:41+01:00","end_time":"2024-02-21T18:54+01:00","reason":"active","experiments":{"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","type":"nimbus-rollout"}},"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"enrollmentId":"53f584c1-60fd-48ff-b0a3-e2dbb8fc6c64","type":"nimbus-rollout"}},"mixed-content-level-2-roll-out-release-113":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"dada65c4-af36-4acf-bf51-6fa3cea7c6fa"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"c28444ff-7dd9-44a7-89a4-e9c2a143dc6a"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"enrollmentId":"8bbe8fef-783c-4996-97d6-51c14ebb316a","type":"nimbus-rollout"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","os_version"

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\292d3bdb-fe64-4637-b000-944223e00c80

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (10871)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):10942
                                                                                                                                                                                                        Entropy (8bit):4.710792179690498
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:rcSSbv1vMUV0aFC04+uY4GWFv+xVqFEoxfRQbFaw1CF2nR5nRxs2Al3JBF:rchd0akh+WoMBJ
                                                                                                                                                                                                        MD5:7F7E627D88F339EDEED8FB6E5821A90C
                                                                                                                                                                                                        SHA1:0ABE03686F6AFCAAE58AE9C15494382A69CB2200
                                                                                                                                                                                                        SHA-256:4FD37E99849F7593B2580A1F02C1EA6863EE1FC5078F7D6CD41A951BF43A202B
                                                                                                                                                                                                        SHA-512:A07F4A7A674B5F64223112E31EE23B2EE352071A896FD076D2C293471FA90428DE460D01CF3846268EE8E6811B47DD62073CC801D6A73B89B39DA2149B81266E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:/submit/firefox-desktop/metrics/1/292d3bdb-fe64-4637-b000-944223e00c80.{"ping_info":{"seq":0,"start_time":"2024-02-21T18:53+01:00","end_time":"2024-02-21T18:53+01:00","reason":"overdue","experiments":{"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","type":"nimbus-rollout"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"c28444ff-7dd9-44a7-89a4-e9c2a143dc6a"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"8bbe8fef-783c-4996-97d6-51c14ebb316a"}},"mixed-content-level-2-roll-out-release-113":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"dada65c4-af36-4acf-bf51-6fa3cea7c6fa"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","app_build":"20230927232528","locale":"en-US","os":"Windows","app_channel":"release","os_version":"10.0","app_display_version":"118.0.1","architecture":"x86_64","client_id":

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\3e6f0371-71b6-4f22-a51b-cd59a6a2f8d6

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2821)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2891
                                                                                                                                                                                                        Entropy (8bit):4.918564446667
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:qj4SoWLuTSSbXt2iODgUCWpZ3mzqhjS6SeyXt2LdWLp4gcpgn8Z:qjsTSSjtXODkM32eW6Sftq1PZ
                                                                                                                                                                                                        MD5:5C1A17E1004694FD1ABF3C35AD03FE2E
                                                                                                                                                                                                        SHA1:39BC31EF6FAD61219312EC7F8FA1AF9859377591
                                                                                                                                                                                                        SHA-256:4E90D99556425888CF9942B2D079A79328144DA7525F7F211B1CABFB1345C832
                                                                                                                                                                                                        SHA-512:0D2F8A3C7C30DA03FE6BBF06782B935242D440982BE8F8E50DD5F1707A3AF39F42F9E3EEEFFD446B5D0A47F3289CCB309E6785A5528DE042319DF1F69D380299
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:/submit/firefox-desktop/events/1/3e6f0371-71b6-4f22-a51b-cd59a6a2f8d6.{"ping_info":{"seq":1,"start_time":"2023-10-05T08:41+01:00","end_time":"2024-02-21T18:53+01:00","reason":"startup","experiments":{"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"c28444ff-7dd9-44a7-89a4-e9c2a143dc6a"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","type":"nimbus-rollout"}},"mixed-content-level-2-roll-out-release-113":{"branch":"control","extra":{"enrollmentId":"dada65c4-af36-4acf-bf51-6fa3cea7c6fa","type":"nimbus-rollout"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"8bbe8fef-783c-4996-97d6-51c14ebb316a"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","first_run_date":"2023-10-05+01:00","build_date":"1970-01-01T00:00:00+00:00","client_id":"114b232f-58b0-42d5-93f4-6b8fa6718b07","windows_build_number":19045,"os":"Windows","a

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\6eaf15b3-37e6-4847-a3b7-7d2bd47e311a

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (872)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):942
                                                                                                                                                                                                        Entropy (8bit):4.998657019470945
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:BGjE69FULnjlRdTAa1gChBps5wZLNYGAuYOH:oE4FU7uyBpsuGOH
                                                                                                                                                                                                        MD5:D7FE95959CDB44CC7E757A47264E3A29
                                                                                                                                                                                                        SHA1:1638A0EF88596B63D5CD2CE6C9680B69EB3ECE50
                                                                                                                                                                                                        SHA-256:76AAA2BD6397A6ABD5F9D41D9E1C5CE77B444E0B874271DEA8DFBFAEA3246DB0
                                                                                                                                                                                                        SHA-512:E7ED6E38A45F50CA4E32FFDA7DFE0D41A96C278ED150EEEDCA938A848F748C418C4575E19528F8B9CF4465E180C99AF6B69749151220F999CB2EB1974A70E8C0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:/submit/firefox-desktop/newtab/1/6eaf15b3-37e6-4847-a3b7-7d2bd47e311a.{"ping_info":{"seq":4,"start_time":"2023-10-05T08:41+01:00","end_time":"2024-02-21T18:54+01:00","reason":"component_init"},"client_info":{"telemetry_sdk_build":"53.2.0","build_date":"1970-01-01T00:00:00+00:00","first_run_date":"2023-10-05+01:00","app_build":"20230927232528","locale":"en-US","os_version":"10.0","app_display_version":"118.0.1","architecture":"x86_64","os":"Windows","app_channel":"release","client_id":"114b232f-58b0-42d5-93f4-6b8fa6718b07","windows_build_number":19045},"metrics":{"boolean":{"topsites.enabled":true,"newtab.search.enabled":true,"pocket.is_signed_in":false,"pocket.sponsored_stories_enabled":true,"pocket.enabled":true,"topsites.sponsored_enabled":true},"string_list":{"newtab.blocked_sponsors":[]},"quantity":{"topsites.rows":1},"string":{"newtab.locale":"en-US","newtab.homepage_category":"enabled","newtab.newtab_category":"enabled"}}}

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\8b9e6c29-c82f-4f95-ae4b-309ad7e58d80

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1531)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1611
                                                                                                                                                                                                        Entropy (8bit):5.081692507781077
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:aN4KHSajgWL+ODmQVXt2zUwj4BpECpoOacTZwY:YZSajoODxttWGE2ojcTZwY
                                                                                                                                                                                                        MD5:92CF4AD8F92E2373EDEADE46FC03AED0
                                                                                                                                                                                                        SHA1:F209AC1DD8E86BD0D33FE2FC921042BF18DED214
                                                                                                                                                                                                        SHA-256:108920D9B82AB3FBCBB882A1295CB65AD1CA36C512A69797261A33EF03779204
                                                                                                                                                                                                        SHA-512:5F76F3A43752A23A411CA32F235AD76CBFFDA985E3D6C34A85F496680015304E00C16E6D9BD9C32D34F1935A7B6C702CB646CA622B99968729B601EC65683A58
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:/submit/firefox-desktop/messaging-system/1/8b9e6c29-c82f-4f95-ae4b-309ad7e58d80.{"ping_info":{"seq":20,"start_time":"2023-10-05T08:41+01:00","end_time":"2024-02-21T18:54+01:00","experiments":{"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"type":"nimbus-rollout","enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"enrollmentId":"c28444ff-7dd9-44a7-89a4-e9c2a143dc6a","type":"nimbus-rollout"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"8bbe8fef-783c-4996-97d6-51c14ebb316a"}},"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"enrollmentId":"53f584c1-60fd-48ff-b0a3-e2dbb8fc6c64","type":"nimbus-rollout"}},"mixed-content-level-2-roll-out-release-113":{"branch":"control","extra":{"enrollmentId":"dada65c4-af36-4acf-bf51-6fa3cea7c6fa","type":"nimbus-rollout"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","first_run_date":"202

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\ba1afd8d-4412-40e5-ae98-e5fe51056fac

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1549)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1629
                                                                                                                                                                                                        Entropy (8bit):5.09696586089344
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:fO9KuZwODfSajgWL4Xt2zU3jFBpEC+aT+ZW+v7g:fKwODfSaj2txFEIT+ZW+vk
                                                                                                                                                                                                        MD5:D2A95D0CF219826F1D64A52AD6DCCB78
                                                                                                                                                                                                        SHA1:EEB9762AD0E1CB0F58B1392FB6DB677F6A042B20
                                                                                                                                                                                                        SHA-256:ADFEC46EF76055007A5E249A93844E4CCEC00C4F6B7347EA2BD40B0B2791E2B2
                                                                                                                                                                                                        SHA-512:76AEAFCBF7EF8BFA2F08FE9E369724D6595D6E1AEE984CBCD189F5EA5E031E67D33209470E437D324C5BEE5E3F7010CC5F0EA25365804EC00053C6C391DC9256
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:/submit/firefox-desktop/messaging-system/1/ba1afd8d-4412-40e5-ae98-e5fe51056fac.{"ping_info":{"seq":22,"start_time":"2024-02-21T18:54+01:00","end_time":"2024-02-21T18:54+01:00","experiments":{"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"53f584c1-60fd-48ff-b0a3-e2dbb8fc6c64"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"8bbe8fef-783c-4996-97d6-51c14ebb316a"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"type":"nimbus-rollout","enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"enrollmentId":"c28444ff-7dd9-44a7-89a4-e9c2a143dc6a","type":"nimbus-rollout"}},"mixed-content-level-2-roll-out-release-113":{"branch":"control","extra":{"enrollmentId":"dada65c4-af36-4acf-bf51-6fa3cea7c6fa","type":"nimbus-rollout"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","os":"Windows","app_c

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\d55abb42-9def-4184-8360-9200b963b079

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1549)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1629
                                                                                                                                                                                                        Entropy (8bit):5.10458366234033
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:89KuQJSSUWL4Xt2i8gdUk7UgAEC+aZj+m+v7g:9JSSKtX8FzEIZj+m+vk
                                                                                                                                                                                                        MD5:1789A0E7BF4B9C2452AD51FAC97145D0
                                                                                                                                                                                                        SHA1:3894967EBAC097A20856BF0D87038F983BAB5899
                                                                                                                                                                                                        SHA-256:4EF7ACA3E9A7B89B4F583D8A00810D9AA02171BF3BFB6E606703C1001BCE2ECC
                                                                                                                                                                                                        SHA-512:E33E9B768DFF1F445DE87D0AAFCB341B23DC074ED5BA78E16D89C21963541DE5FCBF79B0DDDC211350AD22CD841BCEF4684C1692F432DDF40888179A2589BAA8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:/submit/firefox-desktop/messaging-system/1/d55abb42-9def-4184-8360-9200b963b079.{"ping_info":{"seq":21,"start_time":"2024-02-21T18:54+01:00","end_time":"2024-02-21T18:54+01:00","experiments":{"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"enrollmentId":"53f584c1-60fd-48ff-b0a3-e2dbb8fc6c64","type":"nimbus-rollout"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","type":"nimbus-rollout"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"enrollmentId":"c28444ff-7dd9-44a7-89a4-e9c2a143dc6a","type":"nimbus-rollout"}},"mixed-content-level-2-roll-out-release-113":{"branch":"control","extra":{"enrollmentId":"dada65c4-af36-4acf-bf51-6fa3cea7c6fa","type":"nimbus-rollout"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"enrollmentId":"8bbe8fef-783c-4996-97d6-51c14ebb316a","type":"nimbus-rollout"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","windows_build_number

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\fb6735ef-577d-4aa6-9fbf-47c63133e3e9

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1511)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1583
                                                                                                                                                                                                        Entropy (8bit):5.029678657167313
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:Q14CHSSKQVUet2LWLuL8gdUG/lUBpboLpzy:GBSSd6etAL8ItS0LBy
                                                                                                                                                                                                        MD5:7BBEBD1CD5949B0E6C5D555D798587E6
                                                                                                                                                                                                        SHA1:72EF372D8C3DF0A24F69DE5E7DE996A9BCDF648B
                                                                                                                                                                                                        SHA-256:CABECB088F330423989B6ECADD2016EEF319E8F5CD124C280E69C5FB1FF0FAB0
                                                                                                                                                                                                        SHA-512:F1C603E8D45B740117E7EDC122CEB9694552A28BF3140D2DF06E741B2881BAB2572BE885B2EEA4E6941FAD9A8A634BB16E8574BAD5107F94A9D8A95E6EE32339
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:/submit/firefox-desktop/baseline/1/fb6735ef-577d-4aa6-9fbf-47c63133e3e9.{"ping_info":{"seq":2,"start_time":"2023-10-05T08:41+01:00","end_time":"2024-02-21T18:54+01:00","reason":"active","experiments":{"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","type":"nimbus-rollout"}},"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"enrollmentId":"53f584c1-60fd-48ff-b0a3-e2dbb8fc6c64","type":"nimbus-rollout"}},"mixed-content-level-2-roll-out-release-113":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"dada65c4-af36-4acf-bf51-6fa3cea7c6fa"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"c28444ff-7dd9-44a7-89a4-e9c2a143dc6a"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"enrollmentId":"8bbe8fef-783c-4996-97d6-51c14ebb316a","type":"nimbus-rollout"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","os_version"

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\session-state.json

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):161
                                                                                                                                                                                                        Entropy (8bit):4.823447134943938
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YWAqKso1h86yBIhyQVNWRHBMfPuER3+4BQI7aQJA2aqnLJrja/H5C:YWAqfoz8f+hDVNWh6fjR3e9QOanLFu/Q
                                                                                                                                                                                                        MD5:6230B2F00D8518899E8E87E5485DD8CE
                                                                                                                                                                                                        SHA1:898433C16FD837654DFCAA956AD8CAC522C82EF2
                                                                                                                                                                                                        SHA-256:6F5D31C1AFB6F8B12E2352A3496EBD29761F5D5447279CAE251341C628FFBD31
                                                                                                                                                                                                        SHA-512:27E09C77D75C3665DEB21254ADF47F40D0699EB3896DEE9A1015A5FA87560E729A1BEAA70411D1B662180350B37BE9C65B1C5949E72A49304B14A7594DDFB27A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"sessionId":"070cb4db-46bd-4ea0-b7dd-77e255e6d388","subsessionId":"0ac0ce5c-20a1-4d44-b008-2a4aac63a56a","profileSubsessionCounter":3,"newProfilePingSent":true}

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\extensions.json (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):36830
                                                                                                                                                                                                        Entropy (8bit):5.186376962556299
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:NI40vfXXQ4z6X4n44a4T4h4b4rhEhvj4Lw4m4x44g:NJhWvx
                                                                                                                                                                                                        MD5:C2A8F76D683C9F86054CA7775732A180
                                                                                                                                                                                                        SHA1:FB1F8B84825D53E58290E53D65F8A73C5794E281
                                                                                                                                                                                                        SHA-256:4744AACB03666A594CF1BB6E6491105F0AB600259D8E0BA483164F2AE9C90221
                                                                                                                                                                                                        SHA-512:F804B8CF7277D2F6E8AA8BDFFF099ECCEC00CE59FEB3F3EB47D5E4B36FBB2C23466233C966F53483F0DF365E13AB9BB9256B685645FC366A5A24C72907E54025
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{9f54712e-79e2-445b-974a-266a0185f206}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\extensions.json.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):36830
                                                                                                                                                                                                        Entropy (8bit):5.186376962556299
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:NI40vfXXQ4z6X4n44a4T4h4b4rhEhvj4Lw4m4x44g:NJhWvx
                                                                                                                                                                                                        MD5:C2A8F76D683C9F86054CA7775732A180
                                                                                                                                                                                                        SHA1:FB1F8B84825D53E58290E53D65F8A73C5794E281
                                                                                                                                                                                                        SHA-256:4744AACB03666A594CF1BB6E6491105F0AB600259D8E0BA483164F2AE9C90221
                                                                                                                                                                                                        SHA-512:F804B8CF7277D2F6E8AA8BDFFF099ECCEC00CE59FEB3F3EB47D5E4B36FBB2C23466233C966F53483F0DF365E13AB9BB9256B685645FC366A5A24C72907E54025
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{9f54712e-79e2-445b-974a-266a0185f206}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\favicons.sqlite-shm

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1102240
                                                                                                                                                                                                        Entropy (8bit):6.6236318014412126
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:bif6DS+hWYEwTkhPcB64VjVEj3cYemypfYIC:bTDSNwToPcfjBmypf6
                                                                                                                                                                                                        MD5:842039753BF41FA5E11B3A1383061A87
                                                                                                                                                                                                        SHA1:3E8FE1D7B3AD866B06DCA6C7EF1E3C50C406E153
                                                                                                                                                                                                        SHA-256:D88DD3BFC4A558BB943F3CAA2E376DA3942E48A7948763BF9A38F707C2CD0C1C
                                                                                                                                                                                                        SHA-512:D3320F7AC46327B7B974E74320C4D853E569061CB89CA849CD5D1706330ACA629ABEB4A16435C541900D839F46FF72DFDE04128C450F3E1EE63C025470C19157
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........V..V7.V7.V7.9S.C7.9S.[7.9S..7.9S.U7.V7.17.._._7.._.b7.._.H7.V7.87.?_.W7.?_.W7.RichV7.........PE..d.....Jd.........." .................C....................................................`.........................................P7..,...|8..(................I.......)..............T...................`...(...`................................................text.............................. ..`.rodata............................. ..`.rdata..F...........................@..@.data...p3...P.......2..............@....pdata...I.......J...N..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1102240
                                                                                                                                                                                                        Entropy (8bit):6.6236318014412126
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24576:bif6DS+hWYEwTkhPcB64VjVEj3cYemypfYIC:bTDSNwToPcfjBmypf6
                                                                                                                                                                                                        MD5:842039753BF41FA5E11B3A1383061A87
                                                                                                                                                                                                        SHA1:3E8FE1D7B3AD866B06DCA6C7EF1E3C50C406E153
                                                                                                                                                                                                        SHA-256:D88DD3BFC4A558BB943F3CAA2E376DA3942E48A7948763BF9A38F707C2CD0C1C
                                                                                                                                                                                                        SHA-512:D3320F7AC46327B7B974E74320C4D853E569061CB89CA849CD5D1706330ACA629ABEB4A16435C541900D839F46FF72DFDE04128C450F3E1EE63C025470C19157
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........V..V7.V7.V7.9S.C7.9S.[7.9S..7.9S.U7.V7.17.._._7.._.b7.._.H7.V7.87.?_.W7.?_.W7.RichV7.........PE..d.....Jd.........." .................C....................................................`.........................................P7..,...|8..(................I.......)..............T...................`...(...`................................................text.............................. ..`.rodata............................. ..`.rdata..F...........................@..@.data...p3...P.......2..............@....pdata...I.......J...N..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):116
                                                                                                                                                                                                        Entropy (8bit):4.920722044218877
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:C3OuN9RAM7VDXcEzq+r2Xl3vTMBv+FdBAIABv+FEn:0BDUm213vAWeWEn
                                                                                                                                                                                                        MD5:2A461E9EB87FD1955CEA740A3444EE7A
                                                                                                                                                                                                        SHA1:B10755914C713F5A4677494DBE8A686ED458C3C5
                                                                                                                                                                                                        SHA-256:4107F76BA1D9424555F4E8EA0ACEF69357DFFF89DFA5F0EC72AA4F2D489B17BC
                                                                                                                                                                                                        SHA-512:34F73F7BF69D7674907F190F257516E3956F825E35A2F03D58201A5A630310B45DF393F2B39669F9369D1AC990505A4B6849A0D34E8C136E1402143B6CEDF2D3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 2.3.2.APIs: encode-video[h264], decode-video[h264].

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):116
                                                                                                                                                                                                        Entropy (8bit):4.920722044218877
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:C3OuN9RAM7VDXcEzq+r2Xl3vTMBv+FdBAIABv+FEn:0BDUm213vAWeWEn
                                                                                                                                                                                                        MD5:2A461E9EB87FD1955CEA740A3444EE7A
                                                                                                                                                                                                        SHA1:B10755914C713F5A4677494DBE8A686ED458C3C5
                                                                                                                                                                                                        SHA-256:4107F76BA1D9424555F4E8EA0ACEF69357DFFF89DFA5F0EC72AA4F2D489B17BC
                                                                                                                                                                                                        SHA-512:34F73F7BF69D7674907F190F257516E3956F825E35A2F03D58201A5A630310B45DF393F2B39669F9369D1AC990505A4B6849A0D34E8C136E1402143B6CEDF2D3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 2.3.2.APIs: encode-video[h264], decode-video[h264].

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\permissions.sqlite

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):98304
                                                                                                                                                                                                        Entropy (8bit):0.07383625255550796
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4WguGBgf:DLhesh7Owd4+FABM
                                                                                                                                                                                                        MD5:7D8CD15BBE94AFDED94E62085262C6BE
                                                                                                                                                                                                        SHA1:86201EC6A40D2BDA4555B638BB44C1228F7696DD
                                                                                                                                                                                                        SHA-256:AE9C8140F5290FD6EFFEBC0B7F7474405C9B3B94C89A1D3DA119D3F5AD713785
                                                                                                                                                                                                        SHA-512:CEC9415BD74A0B36E0FC65C078F17468F0398ADB01983BD6461658340CCB10C7388DF44740A4F4D295325736D82EE2E8B826F4DE3C73E0EB19A6AB3E732377E2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\permissions.sqlite-journal

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite Rollback Journal
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):66064
                                                                                                                                                                                                        Entropy (8bit):0.0981012901016244
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:7+t3Xv6Bl/ExWla0mwPxRymgObsCVR45wcYR4fmnsCVR4N:7+t3f6LEvsh7Owd4+u
                                                                                                                                                                                                        MD5:2B22AC348540D6B65955B2961CFDB7EA
                                                                                                                                                                                                        SHA1:F9627ED1DACFE3A5ABF4E85C658858A8BB3EFEDE
                                                                                                                                                                                                        SHA-256:0C8ABBEB9BD8CBE9DBE4B4CEAD5A0556482E77C090994C93B3E62BBFC0248243
                                                                                                                                                                                                        SHA-512:22FC44E60907A97845069E25EA82EF609C460ABA4F7AADAC66A4CDE52733F47C75EB06BE9D380EA9D9B2F83293E80C76F48EB696357392CB7A50FDA5BBB51DBA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.... .c......K}.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.053503108256077646
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:GUknm4p94/Uknm4pl/N9XIpFl/Ocl/IlZlf8Gl//XgY:byYOl/hADtfgY
                                                                                                                                                                                                        MD5:78BDC4BB64DEA73B00B56550897E6167
                                                                                                                                                                                                        SHA1:2C070E2152B36A4CD7191E75E66E889804DC2ED1
                                                                                                                                                                                                        SHA-256:F988B31345AFA5115A0D7102E2EA6BECD24B3552DD09A952CDA5C67042676AA4
                                                                                                                                                                                                        SHA-512:A7641A6964B31271C2B2B1732E78E78AD7232B61F809D0AADEE5C83A5F7E7C6F045981387A7A72A67FFA24917AA38BAA4D1F0FE8B21F7F72E60BB214924D8851
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..-......................s..U.....GJ...e...T.x...-......................s..U.....GJ...e...T.x.....................................................................................................................'...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-wal

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):655872
                                                                                                                                                                                                        Entropy (8bit):0.08832957301656653
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:/6ZeBhqE2IGF5eE+6dRXO938Ff0TrVhqE2sYr9QAZk:/jh/2IGKErdRXU38F2Vh/2sYrmIk
                                                                                                                                                                                                        MD5:3E02B6E0A4C5AD8A35698749EE754603
                                                                                                                                                                                                        SHA1:9AC6E22B482067717D5270E1C23129A5899D3BB3
                                                                                                                                                                                                        SHA-256:EFEC2A6B50729CC378BFE376CD22D692FF536473DF06DE16A3F92997E4C9DF6A
                                                                                                                                                                                                        SHA-512:28692C7B9177F3DBB6183E6FB25B89C3ACFF84470469AD11FDB90062ACF9EBB9A6B35BDC92BFF8E2959E9003DA69BB79DF5A271EBB9E030B8E3A936805170832
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:7....-.............GJ....M....N............GJ....YV...w.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs-1.js

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1769), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16373
                                                                                                                                                                                                        Entropy (8bit):5.430234451046983
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:lSnSRkyEjLbBp6hqUCaXCm+V0oNff5RHNBw8dBRHg6xSl:BemqUKmoLPwq0
                                                                                                                                                                                                        MD5:620803020623D09C8560960415AE0A11
                                                                                                                                                                                                        SHA1:B53D3769651CF867C5821EBD01EB903DFB4F243C
                                                                                                                                                                                                        SHA-256:9390391A4FFF3BA8EE8F0B70E29C576D44CBC4B27A69873703D048BC05949888
                                                                                                                                                                                                        SHA-512:F4569D6A3DCA37BCCE00B54AF38487C5DCE22B0AA08DF3EA47E0CB86C31B7EB28E48A07B3BA16E134D8BB509562203F8A16EBA396981BF5AC7673AEE6FE4A80D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1708538011);..user_pref("app.update.lastUpdateTime.background-update-timer", 1708538011);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1708538011);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696491690);..user_pref("app.update.lastUpdateTime.r

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1769), with CRLF line terminators
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):16373
                                                                                                                                                                                                        Entropy (8bit):5.430234451046983
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:lSnSRkyEjLbBp6hqUCaXCm+V0oNff5RHNBw8dBRHg6xSl:BemqUKmoLPwq0
                                                                                                                                                                                                        MD5:620803020623D09C8560960415AE0A11
                                                                                                                                                                                                        SHA1:B53D3769651CF867C5821EBD01EB903DFB4F243C
                                                                                                                                                                                                        SHA-256:9390391A4FFF3BA8EE8F0B70E29C576D44CBC4B27A69873703D048BC05949888
                                                                                                                                                                                                        SHA-512:F4569D6A3DCA37BCCE00B54AF38487C5DCE22B0AA08DF3EA47E0CB86C31B7EB28E48A07B3BA16E134D8BB509562203F8A16EBA396981BF5AC7673AEE6FE4A80D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1708538011);..user_pref("app.update.lastUpdateTime.background-update-timer", 1708538011);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1708538011);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696491690);..user_pref("app.update.lastUpdateTime.r

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\protections.sqlite

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):65536
                                                                                                                                                                                                        Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                        MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                        SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                        SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                        SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\protections.sqlite-journal

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite Rollback Journal
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):33288
                                                                                                                                                                                                        Entropy (8bit):0.08338195131242726
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:7+/lRy5gtBl/lquN1P4BEJYqWvLue3FMOrMZ0A:7+tI56Bl/ZnjfJiFxMZ3
                                                                                                                                                                                                        MD5:29D571E4FE8C134DD88BB0073FBAAA29
                                                                                                                                                                                                        SHA1:D6ACA461E9107DCB3FB3880261149A5C2A8DF2FC
                                                                                                                                                                                                        SHA-256:7E562964C578FDCA42CD31E06685530195FA2B27075B5A0B11B25F09B1DC6BCC
                                                                                                                                                                                                        SHA-512:FA5B9C5D47A2220F4D254FFF51EAE30D3FD31B1D78F038EDAED2919A2560BC6332D758DDC0AC4F53520E8A9BFCA5D00B7B991BF362DDE28196ED578BDEFBDB82
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.... .c......#......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ ..........................................................................j.......x..x......................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionCheckpoints.json (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):90
                                                                                                                                                                                                        Entropy (8bit):4.194538242412464
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                        MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                        SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                        SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                        SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionCheckpoints.json.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):90
                                                                                                                                                                                                        Entropy (8bit):4.194538242412464
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                        MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                        SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                        SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                        SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\recovery.baklz4 (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 7656 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1891
                                                                                                                                                                                                        Entropy (8bit):6.466510605981806
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:PprgvqMh0ewr+lOb8iCcykfTwVUZCu1PFsPudS:pIqMMp8isiE1EFs6S
                                                                                                                                                                                                        MD5:80AEF8AD52BAFE08E4507DBF7D12CD8A
                                                                                                                                                                                                        SHA1:D9EFEE5B7D2243EF0531C70359FF201AE9B48C44
                                                                                                                                                                                                        SHA-256:BA6D367F61C8D3A9F81CAF5D5FF3A9E0EE1166DDB8BDDBD7F6BBDE5E000C6C89
                                                                                                                                                                                                        SHA-512:6FAA70A577512E6CD25A9FC9BE6FD328F7874E8657898203F83A612158C1CE18C43639723D852903058FA58CAF2413270BC48B4156047D41CCF236F807E6D1D6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://www.youtube.com/","title#....cacheKey":0,"ID":5,"docshellUU...A"{aa29d777-5172-4f2f-a582-41ef657ec31b}","referrerInfo":"BBoSnxDOS9qmDeAnom1e0AA...w..$EY.....0BAQ..aABAA==V...sultPrincipalURI":null,"hasUso.ateractK...false,"triggering9..._base64":"{\"3\":{}...6docIdentifier":6,"persist":true}],"lastAccessed":1708538000503,"hiddey..searchMode...userContextIdg..attribut...{},"index":1B..questedI..s0,"imagL./},....facebook.._video....)......9.......fd6508d5-c1f3-4c4f-83f3-2a5a54726feaW....[/10...o275415..V.."chrome://global/skin/icons/warning.svg"....accounts.googl....'......7....9b2e6a58-e987-4447-8d14-e7d573904d13.......8,..o002622,.....4.R.....89fa4685-e133%..d-b220-9aa1..?096.../11&..O1121..W.R...],"select...2,"_closedTJ.@],"_...C..`GroupCg..":-1,"busy......Flags":216E.0758..0dth....64,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace....4b3ac14b-43e5-4896-86e8-9...02ce1b

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\recovery.jsonlz4 (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 7656 bytes
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):1891
                                                                                                                                                                                                        Entropy (8bit):6.466510605981806
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:PprgvqMh0ewr+lOb8iCcykfTwVUZCu1PFsPudS:pIqMMp8isiE1EFs6S
                                                                                                                                                                                                        MD5:80AEF8AD52BAFE08E4507DBF7D12CD8A
                                                                                                                                                                                                        SHA1:D9EFEE5B7D2243EF0531C70359FF201AE9B48C44
                                                                                                                                                                                                        SHA-256:BA6D367F61C8D3A9F81CAF5D5FF3A9E0EE1166DDB8BDDBD7F6BBDE5E000C6C89
                                                                                                                                                                                                        SHA-512:6FAA70A577512E6CD25A9FC9BE6FD328F7874E8657898203F83A612158C1CE18C43639723D852903058FA58CAF2413270BC48B4156047D41CCF236F807E6D1D6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://www.youtube.com/","title#....cacheKey":0,"ID":5,"docshellUU...A"{aa29d777-5172-4f2f-a582-41ef657ec31b}","referrerInfo":"BBoSnxDOS9qmDeAnom1e0AA...w..$EY.....0BAQ..aABAA==V...sultPrincipalURI":null,"hasUso.ateractK...false,"triggering9..._base64":"{\"3\":{}...6docIdentifier":6,"persist":true}],"lastAccessed":1708538000503,"hiddey..searchMode...userContextIdg..attribut...{},"index":1B..questedI..s0,"imagL./},....facebook.._video....)......9.......fd6508d5-c1f3-4c4f-83f3-2a5a54726feaW....[/10...o275415..V.."chrome://global/skin/icons/warning.svg"....accounts.googl....'......7....9b2e6a58-e987-4447-8d14-e7d573904d13.......8,..o002622,.....4.R.....89fa4685-e133%..d-b220-9aa1..?096.../11&..O1121..W.R...],"select...2,"_closedTJ.@],"_...C..`GroupCg..":-1,"busy......Flags":216E.0758..0dth....64,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace....4b3ac14b-43e5-4896-86e8-9...02ce1b

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\recovery.jsonlz4.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 7656 bytes
                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                        Size (bytes):1891
                                                                                                                                                                                                        Entropy (8bit):6.466510605981806
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:PprgvqMh0ewr+lOb8iCcykfTwVUZCu1PFsPudS:pIqMMp8isiE1EFs6S
                                                                                                                                                                                                        MD5:80AEF8AD52BAFE08E4507DBF7D12CD8A
                                                                                                                                                                                                        SHA1:D9EFEE5B7D2243EF0531C70359FF201AE9B48C44
                                                                                                                                                                                                        SHA-256:BA6D367F61C8D3A9F81CAF5D5FF3A9E0EE1166DDB8BDDBD7F6BBDE5E000C6C89
                                                                                                                                                                                                        SHA-512:6FAA70A577512E6CD25A9FC9BE6FD328F7874E8657898203F83A612158C1CE18C43639723D852903058FA58CAF2413270BC48B4156047D41CCF236F807E6D1D6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://www.youtube.com/","title#....cacheKey":0,"ID":5,"docshellUU...A"{aa29d777-5172-4f2f-a582-41ef657ec31b}","referrerInfo":"BBoSnxDOS9qmDeAnom1e0AA...w..$EY.....0BAQ..aABAA==V...sultPrincipalURI":null,"hasUso.ateractK...false,"triggering9..._base64":"{\"3\":{}...6docIdentifier":6,"persist":true}],"lastAccessed":1708538000503,"hiddey..searchMode...userContextIdg..attribut...{},"index":1B..questedI..s0,"imagL./},....facebook.._video....)......9.......fd6508d5-c1f3-4c4f-83f3-2a5a54726feaW....[/10...o275415..V.."chrome://global/skin/icons/warning.svg"....accounts.googl....'......7....9b2e6a58-e987-4447-8d14-e7d573904d13.......8,..o002622,.....4.R.....89fa4685-e133%..d-b220-9aa1..?096.../11&..O1121..W.R...],"select...2,"_closedTJ.@],"_...C..`GroupCg..":-1,"busy......Flags":216E.0758..0dth....64,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace....4b3ac14b-43e5-4896-86e8-9...02ce1b

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\data.safe.bin (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Matlab v4 mat-file (little endian) chistory, text, rows 0, columns 2817
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):152
                                                                                                                                                                                                        Entropy (8bit):4.313459770306586
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:klJFc/slbKRxrtsLQPRTXlRlQRM9WREaD3YRfWEBuWsgfeYY:szcxhFPRTVQsWiA3YRfWEBuyHY
                                                                                                                                                                                                        MD5:70D06F1850777039D81A5E1D5259EF44
                                                                                                                                                                                                        SHA1:15E1EF39825B7D11A8520400F8619B8BCA793FC9
                                                                                                                                                                                                        SHA-256:38C9E0093F0C38FE08664C199166F1F756F8F3763B71D74B6B5FF1489C3246F8
                                                                                                                                                                                                        SHA-512:CA603B37073D0FC290500E08E240ADD2B3990A68BD81B9D07873766A35F3DFF850653203DE8D9F92E4EDA6CEE356758A9C908C59FC52CD53C58D226BD8EEC051
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.................synchistory....................v1-settings-sync.1708523225644B........9.......{"timestamp":1708523225644,"status":"success","infos":{}}

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\data.safe.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:Matlab v4 mat-file (little endian) chistory, text, rows 0, columns 2817
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):152
                                                                                                                                                                                                        Entropy (8bit):4.313459770306586
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:klJFc/slbKRxrtsLQPRTXlRlQRM9WREaD3YRfWEBuWsgfeYY:szcxhFPRTVQsWiA3YRfWEBuyHY
                                                                                                                                                                                                        MD5:70D06F1850777039D81A5E1D5259EF44
                                                                                                                                                                                                        SHA1:15E1EF39825B7D11A8520400F8619B8BCA793FC9
                                                                                                                                                                                                        SHA-256:38C9E0093F0C38FE08664C199166F1F756F8F3763B71D74B6B5FF1489C3246F8
                                                                                                                                                                                                        SHA-512:CA603B37073D0FC290500E08E240ADD2B3990A68BD81B9D07873766A35F3DFF850653203DE8D9F92E4EDA6CEE356758A9C908C59FC52CD53C58D226BD8EEC051
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.................synchistory....................v1-settings-sync.1708523225644B........9.......{"timestamp":1708523225644,"status":"success","infos":{}}

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage.sqlite

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):4096
                                                                                                                                                                                                        Entropy (8bit):2.0836444556178684
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                        MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                                                                                                        SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                                                                                                        SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                                                                                                        SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage.sqlite-journal

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite Rollback Journal
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2592
                                                                                                                                                                                                        Entropy (8bit):0.4554371164190743
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:7FEG2l7ttdlp/Flplpt/lplNskJtnktmkt4MRgSEBtl/g/vVltllkNhXXcl:7+/l7tP/hlLlNFctmktngvBtl4/cHG
                                                                                                                                                                                                        MD5:4F188C8E5B802FB8BDE881A86BD15DE3
                                                                                                                                                                                                        SHA1:D7A249B30DEBA2833F0621B6BBB19EEFCDC782C9
                                                                                                                                                                                                        SHA-256:89B4C7A8A41277EB601844B69CB720756A21354461BE562AEA42A830FA31B30E
                                                                                                                                                                                                        SHA-512:4252139BAD24A93E28D7F83AFBBF74F4A58C64171C8FD72A0AD9C0038C0F9E22ABB5112A20BF3344E64235AE08C701D32AEF3CC646DC812FC5C701DF1FCCA4DE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:.... .c......#..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\1

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):828655
                                                                                                                                                                                                        Entropy (8bit):7.998819316098926
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:24576:RU5+yypiAf3Q5sQ2rveB3Rd0fXj9i+BZqYqrW:g+yycAY5mrva3RdCjgY
                                                                                                                                                                                                        MD5:0C40063DE91B8B8297F5398D04D72B22
                                                                                                                                                                                                        SHA1:8355767BB03A3D894F5FD142F767518603ADB3C7
                                                                                                                                                                                                        SHA-256:3CD2EE400A959DC53FD60776CBBE220AA752903B658B262788D2BE974F341FC8
                                                                                                                                                                                                        SHA-512:34EEF7708B456E637706E6E79A5911EFBF1B747FE524DCEACE14F586EE09907CA2B893AFDD0855495014789ECB7805B252B22201BE91205E33227EA24AADC2CE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:......M.....f..W~)....,........Vs...U...!Vb...6....f...B.B...$h.v.x=..?..D.......;...........o y...*.w.(W#... _../.....u.`...Yq..u.."l.....E........h.M...'..xK.,<.O.....O.h...sy..(BX.[..M...q.......vc.4.L{..9>9..;.......$!..(....0h........s..?Y../Q.'E.,...V....pR...Fr...qs.....Q..T.kz-.........><..:..6r.....$.....(.....--...P.vK..&.d...xuJ6......2j..&oz..+PF<../...o...2=X......2....c.G..V<7.nt....O.!.{m;.}....LP...N|...U...3.).+.SW6G..l..B..u\...m-).9.r..j..nd_....h.*....kD.#.O.0.....;Z........{..4.g..;-+.w.=^..(.m.a/.w$...-....af&..........E~9...8/.....}...3K.2.[b....P.3.k.............N.rR.)..a.3...3./E..t..o..3>.....m.N...o...{..;.........B..~...W....S3..n(..|..Z...Nb.r";.iw.V.6=V..O.>g..k..^.....C=>5+.G..".37..Q.....l~.!...[8.X..+......}r.V._.o...PG.....V.2..._..\.8....e..m......o..&W&..THW.*P4+..........s)....4.....g.A.i........N..?3..{g.i..#.U.}.gL..........n..Gu.a.6.$X....b.n.{.4..9.....;=n..x.d.S:o.+.0.3.?&....V.....J..~.y....

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 416, last written using SQLite version 3042000, writer version 2, read version 2, file counter 23, database pages 497, cookie 0xd, schema 4, largest root page 11, UTF-8, vacuum mode 1, version-valid-for 23
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):2039808
                                                                                                                                                                                                        Entropy (8bit):4.942424743861203
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:w2nwZhB8P8dflhuRSSX1EvBzXe8OBfCu/gcbRF6Qp0VuP8x3BDDkubbFucdLqX3m:/0
                                                                                                                                                                                                        MD5:D4889BE9FB032E507B66539F032A8CD4
                                                                                                                                                                                                        SHA1:BC26637983BAA86C6C01633FDBD25AEA9AB490E9
                                                                                                                                                                                                        SHA-256:D927A0D3C04A31AC298B798F20A94C3073252CFA1C48178A71082FA15AF7D284
                                                                                                                                                                                                        SHA-512:6ABB96389A0668CFF5870330334BE8181FB5E242E1EC5DB7ACC455E06571D3CE2BA062EC2888CA2B52870EAA6A36F69EADE0EDE524350BF0B6178962E88A76C3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j............;.......[..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................-...3....triggerfile_update_triggerfileCREATE TRIGGER file_update_trigger AFTER UPDATE ON file FOR EACH ROW WHEN NEW.refcount = 0 BEGIN DELETE FROM file WHERE id = OLD.id; END.Y...A#..Ytriggerobject_data_delete

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                        Entropy (8bit):0.057314842918196135
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6:G/E0HtGWS9E0HtGW1B9XKkWqo0tok9ku10:J0NGp20NGWQqoIkj
                                                                                                                                                                                                        MD5:792E5D1EE4862DCB8801EADBA7F2D7B0
                                                                                                                                                                                                        SHA1:8DEE943261E1A899C2226C0B75FD4F0690BCD9BB
                                                                                                                                                                                                        SHA-256:BB14EF3A979BE488F4F5BFE732153D28CCC23F24DD3A904B5C6A4210EAEE5FE2
                                                                                                                                                                                                        SHA-512:81A4E3B3FD74899E8833B19085B291BA05020FF8C38C503CD3D565E9D17400FFCE1D6044E2FF4B308FDBEEC55679AE9F321910F1C1063821D558F262B914C03C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:..-......................d.8..".+B.....'P.t/.c....-......................d.8..".+B.....'P.t/.c......................................................................$.../...0...4...L...............P...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\xulstore.json (copy)

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):141
                                                                                                                                                                                                        Entropy (8bit):4.527146700950922
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YGNDhK6c2us1pNGHfYS8dJsAulvhJBAuqRrHvN+M4fHlxKgfHwFn:YGNTG/SJsAUv54rH0vHlxKgfQFn
                                                                                                                                                                                                        MD5:74E2B5FEA591C1050CAD4BED0AFE0EA1
                                                                                                                                                                                                        SHA1:511B7F71B3F73354282145A5B5824BF13758F262
                                                                                                                                                                                                        SHA-256:D59735F5C04F870A5E3E272CED57FCBA79E9EE309D228E6EF76D25057D902710
                                                                                                                                                                                                        SHA-512:29DEED066A22EF405CBB4D01C1F11BDE3E94F019ED6CCC1C9DACEEA78C816C2454E73325B7CB4CB0AED219E27A4D71DA9A47ACBE7EA24B8C55DAE4AA983B155C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"chrome://browser/content/browser.xhtml":{"main-window":{"screenX":"4","screenY":"4","width":"1164","height":"891","sizemode":"maximized"}}}

                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\xulstore.json.tmp

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):141
                                                                                                                                                                                                        Entropy (8bit):4.527146700950922
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:YGNDhK6c2us1pNGHfYS8dJsAulvhJBAuqRrHvN+M4fHlxKgfHwFn:YGNTG/SJsAUv54rH0vHlxKgfQFn
                                                                                                                                                                                                        MD5:74E2B5FEA591C1050CAD4BED0AFE0EA1
                                                                                                                                                                                                        SHA1:511B7F71B3F73354282145A5B5824BF13758F262
                                                                                                                                                                                                        SHA-256:D59735F5C04F870A5E3E272CED57FCBA79E9EE309D228E6EF76D25057D902710
                                                                                                                                                                                                        SHA-512:29DEED066A22EF405CBB4D01C1F11BDE3E94F019ED6CCC1C9DACEEA78C816C2454E73325B7CB4CB0AED219E27A4D71DA9A47ACBE7EA24B8C55DAE4AA983B155C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Preview:{"chrome://browser/content/browser.xhtml":{"main-window":{"screenX":"4","screenY":"4","width":"1164","height":"891","sizemode":"maximized"}}}

                                                                                                                                                                                                        Chrome Cache Entry: 1000

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (776)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1480
                                                                                                                                                                                                        Entropy (8bit):5.279840507577888
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:kMYD7xsu0wxppCqraNxRY4IB/HTl93myNP9GiGXdBlLJFSphGb5UGbAiHOzZrprw:o7x50+poFW1l9msc9jV0hGb5UGbPYZt8
                                                                                                                                                                                                        MD5:7DD1B813E20B2FBD52896F41087B3FBF
                                                                                                                                                                                                        SHA1:E89C53F5F3140442915A1C4DFCF71B82C8D49B67
                                                                                                                                                                                                        SHA-256:D0E1605C9406F26D1A88F26E625D34F1D313EDCE5EB538294666F80918FE2CB5
                                                                                                                                                                                                        SHA-512:54E90848539C99015510E1E56ACC0379281B8F413B1EBF6DA39F631BFC8DC5F0F9BA1E7324206A807AD478798C370560F0ED2F3289988946C69C774AD575578A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJhmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFQ8tmzv79x_nJGIapLTY1tp-HlWA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=bm51tf"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("kMFpHd");._.gUa=new _.Vk(_.ql);._.l();._.k("bm51tf");.var jUa=!!(_.qda[0]>>18&1);var lUa=function(a,b,c,d,e){this.ea=a;this.ta=b;this.ja=c;this.Ca=d;this.Fa=e;this.aa=0;this.da=kUa(this)},mUa=function(a){var b={};_.Ma(a.pN(),function(e){b[e]=!0});var c=a.cN(),d=a.iN();return new lUa(a.WJ(),1E3*c.aa(),a.wM(),1E3*d.aa(),b)},kUa=function(a){return Math.random()*Math.min(a.ta*Math.pow(a.ja,a.aa),a.Ca)},gE=function(a,b){return a.aa>=a.ea?!1:null!=b?!!a.Fa[b]:!0};var hE=function(a){_.I.call(this,a.Ha);this.Cc=null;this.ea=a.Ea.oQ;this.ja=a.Ea.metadata;a=a.Ea.A$;this.da=a.ea.bind(a)};_.A(hE,_.I);hE.Na=_.I.Na;hE.Ba=function(){return{Ea:{oQ:_.hUa,metadata:_.gUa,A$:_.aUa}}};hE.prototype.aa=function(a,b){if(1!=this.ja.getType(a.Dd()))return _.Bl(a);var c=this.ea.aa;return(c=c?mUa(c):null)&&gE(c)?_.Vsa(a,nUa(this,a,b,c)):_.Bl(a)};.var nUa=function(a,b,c,d){return c.then(function(e){

                                                                                                                                                                                                        Chrome Cache Entry: 1001

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (19300)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):278309
                                                                                                                                                                                                        Entropy (8bit):5.409028772835641
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:fPHaQFjs1PlJ/yfJJubY9OD47YzD4HEBuP2IUeOkFCbPIO6I3uclVuYgyi3i8/Kj:m8xm7AP2Iqn/UmxgcSDOOa
                                                                                                                                                                                                        MD5:340868CF2C840DE168D77463396D60D3
                                                                                                                                                                                                        SHA1:4F1EFABA3EE4B1E1A26DEE1D178953BFB9188F5C
                                                                                                                                                                                                        SHA-256:808EC6221BA222DA52AED8B83EA836EF99036392321892D31723BD5EAEC2700D
                                                                                                                                                                                                        SHA-512:B78CFD4383440A54855A3F19573EBF18C16BDD3997BCB1B126D772E1B16947E6053382B6FE56F8195E023CAF7FCCD23EDC08340B9A137F6596ECD6C827E1ECB9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3/yW/r/-xtNSS8Cn-Q.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/.."use strict";(function(){var a=typeof globalThis!=="undefined"&&globalThis||typeof self!=="undefined"&&self||typeof global!=="undefined"&&global;if(typeof a.AbortController!=="undefined")return;var b=function(){function a(){this.__listeners=new Map()}a.prototype=Object.create(Object.prototype);a.prototype.addEventListener=function(a,b,c){if(arguments.length<2)throw new TypeError("TypeError: Failed to execute 'addEventListener' on 'CustomEventTarget': 2 arguments required, but only "+arguments.length+" present.");var d=this.__listeners,e=a.toString();d.has(e)||d.set(e,new Map());var f=d.get(e);f.has(b)||f.set(b,c)};a.prototype.removeEventListener=function(a,b,c){if(arguments.length<2)throw new TypeError("TypeError: Failed to execute 'addEventListener' on 'CustomEventTarget': 2 arguments required, but only "+arguments.length+" present.");var d=this.__listeners,e=a.toString();if(d.has(e)){var f=d.get(e);f.has(b)&&f["delete"](b)}};a.prototype.dispatchEvent=function(a){if

                                                                                                                                                                                                        Chrome Cache Entry: 1002

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4264), with no line terminators
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):4264
                                                                                                                                                                                                        Entropy (8bit):5.023352101476255
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:cMR3GqZFZlZuAwkQ29BR6WtFfH/2Ff8FfSiY3hUgxJu8OJ/:cxC3wkQ29XtEmgiUhUgxJu8OJ/
                                                                                                                                                                                                        MD5:9DEAE13C40798DFCA19BD14ED7039D60
                                                                                                                                                                                                        SHA1:4BA302A1435B094031E4F2E1BCE1B6198F0CF825
                                                                                                                                                                                                        SHA-256:CDAC5527DC3C1A9F38C6B00086B2A10B9E7EAA1E062314E548C1FA602D17BBBD
                                                                                                                                                                                                        SHA-512:95B093D926535FA9454E3776A3E219B61502CE67AA2E659175AE879133DD35A6EFA1BFDBE5B6D3E3DD8BA1F0663892B44FD6F21BE17FEFA9725A234DFF3C5D0C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/s/desktop/87423d78/cssbin/www-main-desktop-home-page-skeleton.css
                                                                                                                                                                                                        Preview:#home-page-skeleton{position:relative;z-index:0;pointer-events:none;min-width:0;width:100%;opacity:1;margin:56px 0 0;display:-webkit-box;display:-webkit-flex;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-webkit-flex-direction:row;flex-direction:row}#home-page-skeleton.hidden:not(.layered){opacity:0}#guide-skeleton{display:none;background-color:#fff;width:240px;-webkit-flex-shrink:0;flex-shrink:0;-webkit-box-orient:vertical;-webkit-box-direction:normal;-webkit-flex-direction:column;flex-direction:column}#guide-skeleton.collapsed{width:72px}#guide-skeleton .guide-item-ghost{padding:10px;width:100%}#guide-skeleton .guide-ghost{padding:10px 30px;display:-webkit-box;display:-webkit-flex;display:flex}#guide-skeleton .guide-ghost-icon{height:40px;width:40px;min-width:40px;margin-right:15px;border-radius:50%;background-color:hsl(0,0%,100%)}#guide-skeleton .guide-ghost-text{height:36px;width:100%;border-radius:8px;background-color:hsl(0,0%,100%)}@media (min-width:792p

                                                                                                                                                                                                        Chrome Cache Entry: 1003

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (776)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1480
                                                                                                                                                                                                        Entropy (8bit):5.278661843249328
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:kMYD7xb4Uu0UIqraN3OYfl/HTn93EyNPrIH6iQG7ALbDs3dEGbwc0GbgjUTOuhZg:o7xbm09Awn9Es66nG7API3dEGbwc0Gb0
                                                                                                                                                                                                        MD5:B1E42198FB893A628628BCFDB3667B1F
                                                                                                                                                                                                        SHA1:A115D5B91E02912CC6099FFD6B6F5CBCE6F19EC7
                                                                                                                                                                                                        SHA-256:263E701257ED8F7A63E265CF0F906020AF51E8552732D23F11276DB5428B08DD
                                                                                                                                                                                                        SHA-512:EC2AE05CCF97D6F21268ADA5C21F90D6BCD0F6F8E9E7E3D5264A866589673BB3EE88B2724209BC4D608B7BCE2EDDCCCE8DBCAA2AA8B30F265FDC4D0CEDD79566
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=bm51tf"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("kMFpHd");._.lUa=new _.qk(_.Qk);._.l();._.k("bm51tf");.var oUa=!!(_.Kda[0]>>18&1);var qUa=function(a,b,c,d,e){this.ea=a;this.ta=b;this.ja=c;this.Ca=d;this.Fa=e;this.aa=0;this.da=pUa(this)},rUa=function(a){var b={};_.Na(a.tN(),function(e){b[e]=!0});var c=a.gN(),d=a.mN();return new qUa(a.WJ(),1E3*c.aa(),a.EM(),1E3*d.aa(),b)},pUa=function(a){return Math.random()*Math.min(a.ta*Math.pow(a.ja,a.aa),a.Ca)},qE=function(a,b){return a.aa>=a.ea?!1:null!=b?!!a.Fa[b]:!0};var rE=function(a){_.I.call(this,a.Ha);this.Bc=null;this.ea=a.Ea.vQ;this.ja=a.Ea.metadata;a=a.Ea.F$;this.da=a.ea.bind(a)};_.B(rE,_.I);rE.Oa=_.I.Oa;rE.Ba=function(){return{Ea:{vQ:_.mUa,metadata:_.lUa,F$:_.fUa}}};rE.prototype.aa=function(a,b){if(1!=this.ja.getType(a.Bd()))return _.al(a);var c=this.ea.aa;return(c=c?rUa(c):null)&&qE(c)?_.Csa(a,sUa(this,a,b,c)):_.al(a)};.var sUa=function(a,b,c,d){return c.then(function(e){

                                                                                                                                                                                                        Chrome Cache Entry: 1004

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1150
                                                                                                                                                                                                        Entropy (8bit):1.6001495726289154
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:XFeeeQL5555555555dWr555555555555b5555r555555b555Lr555553r555Lh5k:X2uD
                                                                                                                                                                                                        MD5:F2A495D85735B9A0AC65DEB19C129985
                                                                                                                                                                                                        SHA1:F2E22853E5DA3E1017D5E1E319EEEFE4F622E8C8
                                                                                                                                                                                                        SHA-256:8BB1D0FA43A17436D59DD546F6F74C76DC44735DEF7522C22D8031166DB8911D
                                                                                                                                                                                                        SHA-512:6CA6A89DE3FA98CA1EFCF0B19B8A80420E023F38ED00F4496DC0F821CEA23D24FB0992CEE58C6D089F093FDEFCA42B60BB3A0A0B16C97B9862D75B269AE8463B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/s/desktop/87423d78/img/favicon.ico
                                                                                                                                                                                                        Preview:............ .h.......(....... ..... ........................................................................................................................................................................@...@...p.......................@...@...................`...................................................`.......0...........................................................0...P...........................................................`................................PP...................................................................... .............................................................. ......................................................@@.................................P...........................................................`...0...........................................................0.......`...................................................`...................@...@...........................@...@......................................................

                                                                                                                                                                                                        Chrome Cache Entry: 1005

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (6544)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):30894
                                                                                                                                                                                                        Entropy (8bit):5.582255413109731
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:dlMmkEeGSQnBx355zXv2Vpfd2A2Yjdw8w5hdvWewVebB:HVnPBh55zf2l2Yv54
                                                                                                                                                                                                        MD5:BD73519A54802D4CB27DB39E57A51A3C
                                                                                                                                                                                                        SHA1:35D2BD2BF01344DD2965AAF129F8D01BD846F1E3
                                                                                                                                                                                                        SHA-256:4F2B758D75B3C766B75625157FE35E5F8F965E8A94F31955628593E769E4FAC4
                                                                                                                                                                                                        SHA-512:0E317B384EC69D09AB96CCCCF3D0AA2F5F23C62108B05551626DF21318F035AE415493D652488C0C1A26D6418A8618CB50A708696A3A181BB7EAE1ED41D37C8F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3i0Wo4/yG/l/en_US/-boqNkzBTGm.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("CometContextualLayer.react",["BaseContextualLayer.react","react","useCometVisualChangeTracker","useMergeRefs"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h||d("react");function a(a,b){var d=c("useCometVisualChangeTracker")();b=c("useMergeRefs")(b,d);return i.jsx(c("BaseContextualLayer.react"),babelHelpers["extends"]({},a,{ref:b}))}a.displayName=a.name+" [from "+f.id+"]";b=i.forwardRef(a);g["default"]=b}),98);.__d("CometTypeaheadProgressGlimmer.react",["CometProgressRingIndeterminate.react","react"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h||d("react");function a(){return i.jsx("div",{className:"x6s0dn4 x78zum5 x1iyjqo2 xdd8jsf xl56j7k",children:i.jsx(c("CometProgressRingIndeterminate.react"),{color:"disabled",size:24})})}a.displayName=a.name+" [from "+f.id+"]";g["default"]=a}),98);.__d("CometTypeaheadViewItem.react",["CometPressable.react","CometRow.react","CometRowItem.react","emptyFunction","react","stylex"],(function(a,b,c,d,e,f,g){"use strict";var h

                                                                                                                                                                                                        Chrome Cache Entry: 1006

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:HTML document, ASCII text, with very long lines (682)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):4119
                                                                                                                                                                                                        Entropy (8bit):5.363860210804462
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:GkBsIzf6Aj6TQTdkvEc2K7UrtNoyd+ypYokBnz8oLw:3BHzn+Wm97UToyd+ypYokDc
                                                                                                                                                                                                        MD5:B60A1BABBA7EDBA6C5A9FC4836A079C6
                                                                                                                                                                                                        SHA1:082278E6B6E8A2F53237EE992E77FE45F8764957
                                                                                                                                                                                                        SHA-256:A925BAF5E1E6227CE778335AE876AD0B2C0A46AF791E2FE0BE7D9548015BBD82
                                                                                                                                                                                                        SHA-512:975738EE48432A77B3423E4BE71EE3FAEF65CF03EFA95A786357438132ECE6942ACF1163DB3A1513515A8617807D5C21DA44CB510E32DCA941927F5C369388B9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=NTMZac,sOXFj,q0xTif,ZZ4WUe"
                                                                                                                                                                                                        Preview:"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.uf(_.hna);._.k("sOXFj");.var Rq=function(a){_.I.call(this,a.Ha)};_.B(Rq,_.I);Rq.Oa=_.I.Oa;Rq.Ba=_.I.Ba;Rq.prototype.aa=function(a){return a()};_.Lq(_.gna,Rq);._.l();._.k("oGtAuc");._.Gsa=new _.qk(_.hna);._.l();._.k("q0xTif");.var Cta=function(a){var b=function(d){_.bm(d)&&(_.bm(d).uc=null,_.er(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},qr=function(a){_.np.call(this,a.Ha);this.Ra=this.dom=null;if(this.Zh()){var b=_.sk(this.Cf(),[_.Uk,_.Tk]);b=_.wh([b[_.Uk],b[_.Tk]]).then(function(c){this.Ra=c[0];this.dom=c[1]},null,this);_.Dq(this,b)}this.Ma=a.nh.U7};_.B(qr,_.np);qr.Ba=function(){return{nh:{U7:function(){return _.ff(this)}}}};qr.prototype.getContext=function(a){return this.Ma.getContext(a)};.qr.prototype.getData=function(a){return this.Ma.getData(a)};qr.protot

                                                                                                                                                                                                        Chrome Cache Entry: 1007

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (776)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1480
                                                                                                                                                                                                        Entropy (8bit):5.278661843249328
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:kMYD7xb4Uu0UIqraN3OYfl/HTn93EyNPrIH6iQG7ALbDs3dEGbwc0GbgjUTOuhZg:o7xbm09Awn9Es66nG7API3dEGbwc0Gb0
                                                                                                                                                                                                        MD5:B1E42198FB893A628628BCFDB3667B1F
                                                                                                                                                                                                        SHA1:A115D5B91E02912CC6099FFD6B6F5CBCE6F19EC7
                                                                                                                                                                                                        SHA-256:263E701257ED8F7A63E265CF0F906020AF51E8552732D23F11276DB5428B08DD
                                                                                                                                                                                                        SHA-512:EC2AE05CCF97D6F21268ADA5C21F90D6BCD0F6F8E9E7E3D5264A866589673BB3EE88B2724209BC4D608B7BCE2EDDCCCE8DBCAA2AA8B30F265FDC4D0CEDD79566
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=bm51tf"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("kMFpHd");._.lUa=new _.qk(_.Qk);._.l();._.k("bm51tf");.var oUa=!!(_.Kda[0]>>18&1);var qUa=function(a,b,c,d,e){this.ea=a;this.ta=b;this.ja=c;this.Ca=d;this.Fa=e;this.aa=0;this.da=pUa(this)},rUa=function(a){var b={};_.Na(a.tN(),function(e){b[e]=!0});var c=a.gN(),d=a.mN();return new qUa(a.WJ(),1E3*c.aa(),a.EM(),1E3*d.aa(),b)},pUa=function(a){return Math.random()*Math.min(a.ta*Math.pow(a.ja,a.aa),a.Ca)},qE=function(a,b){return a.aa>=a.ea?!1:null!=b?!!a.Fa[b]:!0};var rE=function(a){_.I.call(this,a.Ha);this.Bc=null;this.ea=a.Ea.vQ;this.ja=a.Ea.metadata;a=a.Ea.F$;this.da=a.ea.bind(a)};_.B(rE,_.I);rE.Oa=_.I.Oa;rE.Ba=function(){return{Ea:{vQ:_.mUa,metadata:_.lUa,F$:_.fUa}}};rE.prototype.aa=function(a,b){if(1!=this.ja.getType(a.Bd()))return _.al(a);var c=this.ea.aa;return(c=c?rUa(c):null)&&qE(c)?_.Csa(a,sUa(this,a,b,c)):_.al(a)};.var sUa=function(a,b,c,d){return c.then(function(e){

                                                                                                                                                                                                        Chrome Cache Entry: 1008

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):259889
                                                                                                                                                                                                        Entropy (8bit):5.404210528859754
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:cBlJQj9MPzJWnodfkei/E+sPKqno7TMbyzb8f:eJQ0z95PKqno7Tw
                                                                                                                                                                                                        MD5:9D0FC0EA580E0D6FB1F604E2EEF55C8D
                                                                                                                                                                                                        SHA1:181C495A7BE7CE596332355DB28E16A3FDFD49B1
                                                                                                                                                                                                        SHA-256:235852C8D371A9D2352C70B3D951B6C3E9A39F553A522EFC7A6649DF6FD6918C
                                                                                                                                                                                                        SHA-512:13FF392BA3473D495E944AA3559F33A74FBC9EABF39A8CD152345DEEB76F39F36C1B0288BF949F79233B179DDB8D4EAA8B532A80DFB15F134FFA9E5C46189323
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.licdn.com/sc/h/9aqr8a0t3v3gde6w2txxdc9l9
                                                                                                                                                                                                        Preview:!function(e){var t={};function n(r){if(t[r])return t[r].exports;var i=t[r]={i:r,l:!1,exports:{}};return e[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var i in e)n.d(r,i,function(t){return e[t]}.bind(null,i));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s=92)}([function(e,t,n){"use strict";n.d(t,"j",(function(){return a})),n.d(t,"x",(function(){re

                                                                                                                                                                                                        Chrome Cache Entry: 1009

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1657
                                                                                                                                                                                                        Entropy (8bit):7.081028840643324
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:ggksiWu1wUyOWzknhLb40uDEmihsmlxas6W2jwJaFM:1kRwshLb40uDEhhsKxanXj/K
                                                                                                                                                                                                        MD5:477F7BA011B779D8CCC87C42ECE12250
                                                                                                                                                                                                        SHA1:C73DDE35B7ECAC63B2A97E752EDE14B27412CFA5
                                                                                                                                                                                                        SHA-256:5B79EAF028C29C8E19ABDFD88F45E6C52C496CB12278187DC1FDBA81E26A19E8
                                                                                                                                                                                                        SHA-512:C83849DE8801DE85B248288D89365258EDDC0A5D35D9DC9186EC26A199B91653DE219AB0200DC39135E4311607974F5FFAFB30084D7F3099A9D1D25EFAF89C44
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/413973828_122141038328035932_1018688146031695318_n.jpg?stp=c0.6.50.50a_cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=596444&_nc_ohc=gIG0B0H0NDEAX81usT0&_nc_ht=scontent-lga3-2.xx&oh=00_AfDHgjiLN9erANiUV4OLirf6nyX-FvSJy9FZXJL-0ug8kQ&oe=65DBF3FD
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6e010000e101000078020000b4020000ff020000c503000089040000c0040000fe0400003e05000079060000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."............................................................................}-gG9H.IH;....QN.fv..B.N..D...U.............WM..* ".t..].#.....%...........................!"#12$3A.................3.z...jZQ5.....>Bb<.fj6t.s..Ic...l..5<.K1Y..W....[....9...U...5pk.@.`GZv4).....3C.Y.N...'........................................!........?....6GQO.a.HH....C........................................?..dY.C...D/C.vu..............................!"12ABQaq..3. #$Rr..........?...6ah.....U......Q-..Y.<..T..}.f.-......;F.y-..o..abed`.p....L....J...@.9.k...w.D.....7:F..R.......b.W..7..[.fe>..B..x.......J>.4nN..).._...$....................!A1Qaq.. ............?!.....am..r..9...5.%.IF.X.

                                                                                                                                                                                                        Chrome Cache Entry: 1010

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):2063
                                                                                                                                                                                                        Entropy (8bit):7.311401152655177
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:evrxiWqyT2XUtiVYUXW69sgz8wyVJyGvzsQ7v4gjbJjxldTwOff9uL:evrJiVYUmIpz8wyVJd7v4wbJnduL
                                                                                                                                                                                                        MD5:D1C07507F0478AFCF2048CA5CFA8DF8A
                                                                                                                                                                                                        SHA1:0501333A139F37C7989B038FF9DB9E5F7C0A3E9B
                                                                                                                                                                                                        SHA-256:7DC293DBAED3EEA5ED83CD12A38475EF7C9B6AE27623FD0259AF041BC07A689F
                                                                                                                                                                                                        SHA-512:BE906ABFCC8A63328EC69C9C48D6C346C98A5FE8D7938655C4A57D2BFCA7ECC3B23F14EC22A6EFEE22F55FE1142C4548E82D306D42FE7D3AACA6D743AFDA899C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/308504404_387290806940494_150870101384029952_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=596444&_nc_ohc=wtDvLE5PBs0AX-odxfq&_nc_ht=scontent-lga3-2.xx&oh=00_AfCo8jOnKvQ0hQXuPCdTZV6OYO2ILPI9tm_iGNWWGkQCnQ&oe=65DB1742
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM..........g..q23vDrsifgMTf9PIa3ea..(.bFBMD0a000a8701000001020000b40200001a03000082030000940400008e050000cd05000030060000910600000f080000...C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."..............................................................................(E2..`.^..j.U..EEW^.......lU.S=....[._..]r.S.N..~..6...<....n8........"..........................!...3A..........)...)..^ ...}...k.a`....(.....H .F8..%|T.{;..8:K.Y........Nk......u&.....N.......W.......U^....6...{Z.....j.u....J...mt.#....$........................!1..A.3...........?...@...v...@.&.\....v...A..c...-.R..u6>..m...B......u...".......................1..!."2Aa........?..v.IRdY....<I.i.......x..A@C.i..)....My.._._............................!"1Q.Aa.2R. Bq..............?.%.wE.&.....K#..!..y..L..k...X..G..5. ..f.#7.<+....`..P.....g.2.XC..V.$...T%..'..ds..d.

                                                                                                                                                                                                        Chrome Cache Entry: 1011

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (7990)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):465346
                                                                                                                                                                                                        Entropy (8bit):5.568829571605224
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:GQELY2kiAGRx0KDCJcrjrMwmvsPJ80cFcelRDKRsHu8aP9jpgc7S/i18EtJZGwSa:yK6elhkss9jOc7S618YZGxrpsU6Frb3r
                                                                                                                                                                                                        MD5:19CDE8C7D278D8D2399B3082E08AB79F
                                                                                                                                                                                                        SHA1:087AC4B875035E81E374F7A560935BFD1856D5DB
                                                                                                                                                                                                        SHA-256:B405B1012AFB798C8242CC121DC2E228342E5803B5084C2B5BE42CF1AF85F735
                                                                                                                                                                                                        SHA-512:1D5BC365F37041CBF159034EC292704986DB0288ED2B6CE836F706E0D92B899A101C155C8D3FFEE38722541ED3058591FBCE8189F54247C70E4CE07440DD471C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3ifrz4/yh/l/en_US/yLGZ8RCWXS5.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("CometBatchNotificationsStateChangeSubscription_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="6546596222061607"}),null);.__d("CometBatchNotificationsStateChangeSubscription.graphql",["CometBatchNotificationsStateChangeSubscription_facebookRelayOperation"],(function(a,b,c,d,e,f){"use strict";a=function(){var a={defaultValue:null,kind:"LocalArgument",name:"environment"},c={defaultValue:null,kind:"LocalArgument",name:"input"},d=[{alias:null,args:[{kind:"Variable",name:"data",variableName:"input"}],concreteType:"BatchNotificationStateChangeSubscribeResponsePayload",kind:"LinkedField",name:"batch_notification_state_change_subscribe",plural:!1,selections:[{alias:null,args:null,concreteType:"Notification",kind:"LinkedField",name:"aggregated_notifications",plural:!0,selections:[{alias:null,args:null,kind:"ScalarField",name:"id",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"seen_state",storageKey:null}],storageKey:null},{alias:null,args:nu

                                                                                                                                                                                                        Chrome Cache Entry: 1012

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2036)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):39877
                                                                                                                                                                                                        Entropy (8bit):5.396884329936008
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:uwoR/ZrQgcREIb+9KiiqR12623vlpOeO/hpoLpRX:uz+gcRhQRIb9AP/hps
                                                                                                                                                                                                        MD5:EB4FBC0E01EB4A539A6BC202AFD4C644
                                                                                                                                                                                                        SHA1:1798B96F94E4461C211A1E5118994F6E0DFD53BE
                                                                                                                                                                                                        SHA-256:ACAE96AA93E083C150D041E2F01185932E5AACD71E4B433CD165DD41AA97103A
                                                                                                                                                                                                        SHA-512:B608780ED207A42DBE9DEEE88400A6D9462029A653CEC42323490B7023F210E99FB38BE5574A451F069EEB5A7F8125505989B331A2243C56D1F2C84A74A2B371
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/s/desktop/87423d78/jsbin/spf.vflset/spf.js
                                                                                                                                                                                                        Preview:(function(){function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof l&&l];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var da=ca(this);function ea(a,b){if(b)a:{var c=da;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.ea("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,g){this.g=f;ba(this,"description",{configurable:!0,writable:!0,value:g})}if(a)return a;c.protot

                                                                                                                                                                                                        Chrome Cache Entry: 1013

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:PNG image data, 21 x 409, 8-bit colormap, non-interlaced
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):2540
                                                                                                                                                                                                        Entropy (8bit):7.241602582463701
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:hjUR4TN+zzhq3Y40mP0VFx2teUFhZX3cUxadsKx6aBDLUSZ:V8cN93vQOeUFhZX3cJ/IaBDLzZ
                                                                                                                                                                                                        MD5:617B29D87C8BE0A9E367320313656B2A
                                                                                                                                                                                                        SHA1:46320109EDC1764CFBC60AD4F031E4018CF6ADEF
                                                                                                                                                                                                        SHA-256:286E3110841E9FCE71D0E8CFCA1D1B7B0EDF781AF6D752ABF05F89AA6760EE79
                                                                                                                                                                                                        SHA-512:42CEAF698DD7556BBA2BA11264B9923E66EBC514AF8554EBACF83391E7AA690E5DFAB2222872D40B61AE5FAF1500D22E6077808D0F5341088C70B36DEAA52C19
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3/y2/r/2UXBRrhCqJH.png
                                                                                                                                                                                                        Preview:.PNG........IHDR.............Q......PLTEGpL.............................................................................................................................................................................................................................................................................................................................................................................................*m.5....tRNS.Z.$........>.........t@...\...V..J..D..*........X(.f......|"<d..`.PN.2.,....T.4H........p.~r..F LB0....b.&j8^6..hn.x.:Rlv.z=......IDATx^...S.I.../.......B.$."....`L..6`p.a.n..~..M......U.[E..T...*.~.....P.....O%.!...B...Ib......;.)..].!.....Z..:.[....S..!....[...Z....zh........g.....@.d..@......-.X......d3...fJ.q..R.Q...2X...ze.V...,....c..U.O.U.GW.[.......o(.,...j@.h~._....L.*.......K...ou..{...s..9..0.O.......LYM........[.+.....@..ldJD..G...W..+..........s.5.^..DCE....:...n...l..]E..).R.... 4hkH....x.V~S<2.I..[./..=...V#G....3D.NT..D.

                                                                                                                                                                                                        Chrome Cache Entry: 1014

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (533)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):5547
                                                                                                                                                                                                        Entropy (8bit):5.234104150395812
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:+E8YzVFXsVws8HYnkfI+C4yVdbaiGkNF2LSaAuEeRzgf5j6YJR79hamaWslv0Rw:+ajsVws8Hlzg2i/N9hzWgf5jhJR79haZ
                                                                                                                                                                                                        MD5:936A7C8159737DF8DCE532F9EA4D38B4
                                                                                                                                                                                                        SHA1:8834EA22EFF1BDFD35D2EF3F76D0E552E75E83C5
                                                                                                                                                                                                        SHA-256:3EA95AF77E18116ED0E8B52BB2C0794D1259150671E02994AC2A8845BD1AD5B9
                                                                                                                                                                                                        SHA-512:54471260A278D5E740782524392249427366C56B288C302C73D643A24C96D99A487507FBE1C47E050A52144713DFEB64CD37BC6359F443CE5F8FEB1A2856A70A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/s/desktop/87423d78/jsbin/intersection-observer.min.vflset/intersection-observer.min.js
                                                                                                                                                                                                        Preview:/*.. Copyright 2016 Google Inc. All Rights Reserved... Licensed under the W3C SOFTWARE AND DOCUMENT NOTICE AND LICENSE... https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document..*/.(function(f,h){function t(a){this.time=a.time;this.target=a.target;this.rootBounds=a.rootBounds;this.boundingClientRect=a.boundingClientRect;this.intersectionRect=a.intersectionRect||q();this.isIntersecting=!!a.intersectionRect;a=this.boundingClientRect;a=a.width*a.height;var b=this.intersectionRect;b=b.width*b.height;this.intersectionRatio=a?b/a:this.isIntersecting?1:0}function d(a,b){b=b||{};if("function"!=typeof a)throw Error("callback must be a function");if(b.root&&1!=b.root.nodeType)throw Error("root must be an Element");.this.g=y(this.g.bind(this),this.B);this.D=a;this.h=[];this.i=[];this.s=this.L(b.rootMargin);this.thresholds=this.J(b.threshold);this.root=b.root||null;this.rootMargin=this.s.map(function(c){return c.value+c.unit}).join(" ")}function y(a,b){var c=null;return function

                                                                                                                                                                                                        Chrome Cache Entry: 1015

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (58866)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):121744
                                                                                                                                                                                                        Entropy (8bit):5.177273205732366
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:sLQpmW+m/KTYGu9AoaI/mQVzm75W8Zcz834SS40FGXUQvqO4pxuor3lQNO301J8V:ZI2eIgRXGQLv90/I9aCIqYtpp
                                                                                                                                                                                                        MD5:8BEB739E6BB4732AF23FF7DD0D9342E1
                                                                                                                                                                                                        SHA1:39A0DBC021A269E1060A566A63679512CD4A153A
                                                                                                                                                                                                        SHA-256:5502CCD33537C3542EDCC20C98D9420D5A1587A12507DA57B89F8B6E77DA1E23
                                                                                                                                                                                                        SHA-512:F5D6A7E34F0FE92C6BFBFDC10ECD7CF332302995805908DF9B55CE6A8CAED32B86BA33D82A5B4020BCDAD062B2BB9EE7AA6DB65504E196EA00CF50EB6D8058D6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3iKvn4/yk/l/en_US/8c74ZM0ScLp.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("CometUFICommentListRendererForCommentsAPITahoe_renderer$normalization.graphql",["CometTextWithEntitiesRelay_textWithEntities$normalization.graphql"],(function(a,aa,b,c,d,e){"use strict";a=function(){var a={alias:null,args:null,kind:"ScalarField",name:"id",storageKey:null},b={alias:null,args:null,kind:"ScalarField",name:"__typename",storageKey:null},c={kind:"Variable",name:"location",variableName:"feedLocation"},d={kind:"Variable",name:"use_default_actor",variableName:"useDefaultActor"},e={alias:null,args:[c,d],kind:"ScalarField",name:"can_viewer_comment",storageKey:null},f=[d],g={kind:"TypeDiscriminator",abstractKey:"__isActor"},h={alias:null,args:null,kind:"ScalarField",name:"name",storageKey:null},i={kind:"Variable",name:"scale",variableName:"scale"},j=[{alias:null,args:null,kind:"ScalarField",name:"uri",storageKey:null}],k={alias:"profile_picture_depth_0",args:[{kind:"Literal",name:"height",value:32},i,{kind:"Literal",name:"width",value:32}],concreteType:"Ima

                                                                                                                                                                                                        Chrome Cache Entry: 1016

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):35166
                                                                                                                                                                                                        Entropy (8bit):7.955833171657125
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:WSWZtAXVlOcjjjjjjnrlu7R/dJKpX3a7qr8d9rQaUyqdvjX7CsiHdJukc6cuc+Go:WSWZqPHKVJlrXVSL3jPM3R4vKfmx0
                                                                                                                                                                                                        MD5:1FF9B8D91D58D7531FE96FF87F4B6458
                                                                                                                                                                                                        SHA1:C94F0DD7E76C5FAF8591C84CE1B4016EE7AAF82D
                                                                                                                                                                                                        SHA-256:4FBDF05A3E048876889B0B36BC0102FC5E85612F85CFF73871ED3DB6C9423DC8
                                                                                                                                                                                                        SHA-512:59E26BFD1B44431D6EE959EC92220C37CC9E1D9F051090A276C3ED27ABE910EA3EA40D12880369793CB76E3C183E529FD65BECC938146C90A33C2EF9C3C2E72C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/426166576_399616406052465_4268749543528247153_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=3JaVY4IWz3kAX8YNVSo&_nc_ht=scontent-lga3-2.xx&oh=00_AfAvWETlXrzDjzpb6cHsENE7Q-DSs9FbwQ3_JglkHMlPpQ&oe=65DB49AD
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a71010000061800003f2c0000a52e000022310000c83b0000005200003e580000d75b0000715f00005e890000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."................................................................................H..................................................................................................................................0C.0C.0C.0C.0C.0C.0C.0C.0C.0C.0C.0C.0C.0C.0C.0C...7..;>..<>..<>..<>...g...g.D...T|..#>t}._..Fg............'..'..'....p...A.7>..?.3...C...J...........P|..Y.4>..?.......:...../.Qg.O..$.... .....................3$.F@..!."I.e!.Lp.....6.9F.#8... ....4.B.......D........4....`.&...L...4Z...\...r....$q.NH..(......(.....C..@.0V...hW(...jW(.....b`.......L$.caR..@.. .. ..`...h. T.hp....10.@`.......$.. `.L`....T..4.......2DH"6.-.D..@0.P...H.........1.i..0!.....9E.i..6.0.P.......X

                                                                                                                                                                                                        Chrome Cache Entry: 1017

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):5430
                                                                                                                                                                                                        Entropy (8bit):2.6465732373896285
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:Es5ed8vZa+/kffJTyN5J5iXSvjDxatgFFjiZq1MJUikeVgl2fwFfBaTzh4mpCbak:2fq3OqXAzh4jaJV9HxG8Q
                                                                                                                                                                                                        MD5:3E764F0F737767B30A692FAB1DE3CE49
                                                                                                                                                                                                        SHA1:58FA0755A8EE455819769EE0E77C23829BF488DD
                                                                                                                                                                                                        SHA-256:88AE5454A7C32C630703440849D35C58F570D8EECC23C071DBE68D63CE6A40D7
                                                                                                                                                                                                        SHA-512:2831536A2CA9A2562B7BE1053DF21C2ED51807C9D332878CF349DC0B718D09EEB587423B488C415672C89E42D98D9A9218FACE1FCF8E773492535CB5BD67E278
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/yT/r/aGT3gskzWBf.ico
                                                                                                                                                                                                        Preview:............ .h...&... .... .........(....... ..... ..........................................h. .f...............f...g...d.@.........................`...e...f...f...............f...f...f...e...p...............`...f...f...f...f...............f...f...f...f...f...p...........e...f...f...f...f...............f...f...f...f...f...e.......d.@.f...f...f...f...f...............f...f...f...f...f...f...h. .e...f...f...f....U..........................y'..f...f...f...g...f...f...f...f...............................U..f...f...f...f...f...f...f...f..................................f...f...f...f...f...f...f...f...f...f...............f...f...f...f...f...f...f...f...f...f...f...f...f...............p...f...f...f...f...f...f...f...f...f...f...f...f...................d...U..f...f...f...e...h. .f...f...f...f...f....d......................f...f...f...h.@.....f...f...f...f...f...f....t.................f...f...f...........p...f...f...f...f...f...f...f...f...f...f...f...f...`...............p...f...f...f...f

                                                                                                                                                                                                        Chrome Cache Entry: 1018

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2360)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):216276
                                                                                                                                                                                                        Entropy (8bit):5.455491059432931
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:E0nzyu8ItYoHFldaY4xzuQVLlGDPcHGcpP:lnCuYgTaY4/GqGQP
                                                                                                                                                                                                        MD5:A1C97A27D5C64B97D4E96D5EACA3B8AA
                                                                                                                                                                                                        SHA1:89C48372DBAD07D2EFE10475B14E6CDCA0BC2E80
                                                                                                                                                                                                        SHA-256:C150006B9F983B4716C91B10C2E5888857F52E303BE151F27A9DF26FF2CE900B
                                                                                                                                                                                                        SHA-512:7D18B750F8293E0606A43FC114D7E2AA0BD671C1A552F955A5A0137AB9F03ABD27AB03E3127E0E7BAE8B5947F301B5139FA0227DE8B6E2B8FB232A2679F5AD18
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlFU0Eb88gCMWemHf1wS2H0QUzNV-Q/m=_b,_tp"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){("undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x689603f, 0x2040058e, 0x3f34e599, 0x30e4e33d, 0x0, 0x0, 0x3006b000, 0xe, ]);./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2013 Google LLC.. SPDX-License-Identifier: Apache-2.0.*/.var baa,daa,Ra,haa,$a,cb,db,eb,fb,iaa,gb,lb,jaa,kaa,pb,naa,paa,Eb,qaa,taa,vaa,Aaa,Qb,Caa,Daa,Iaa,Oaa,Paa,Maa,Qaa,Vaa,Waa,Yaa,Zaa,$aa,aba,Lc,dba,cba,fba,Pc,Oc,hba,gba,kba,jba,Vc,nba,oba,dd,cd,Rc,zba,wba,Aba,Bba,Eba,Gba,Hba,uba,Qd,Rd,aca,je,cca,ke,dca,fca,hca,lca,mca,nca,oca,rca,tca,xca,yca,Cca,Mca,Ica,Oca,Qca,Rca,Uca,Wca,Zca,$ca,ada,bda,cda,fda,jf,gda,ida,lda,mda,aaa,nda,Af,oda,Cf,pda,qda,Ef,sda,Gf,zda,Dda,Cda,Of,Fda;_.aa=function(a){return fu

                                                                                                                                                                                                        Chrome Cache Entry: 1019

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):15860
                                                                                                                                                                                                        Entropy (8bit):7.988022700476719
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:S7qmPTF4N21t//YW2FS6+1XxrsbGmjlAbvqMmtCN:S621tHY4xwbGmjloSM7N
                                                                                                                                                                                                        MD5:E9F5AAF547F165386CD313B995DDDD8E
                                                                                                                                                                                                        SHA1:ACDEF5603C2387B0E5BFFD744B679A24A8BC1968
                                                                                                                                                                                                        SHA-256:F5AEBDFEA35D1E7656EF4ACC5DB1F243209755AE3300943EF8FC6280F363C860
                                                                                                                                                                                                        SHA-512:2A71EDB5490F286642A874D52A1969F54282BC43CB24E8D5A297E13B320321FB7B7AF5524EAC609CF5F95EE08D5E4EC5803E2A3C8D13C09F6CC38713C665D0CE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
                                                                                                                                                                                                        Preview:wOF2......=...........=..........................d.....^.`.. .H..<........8........6.$.... ..~. ..)..~E......6..J..`.. :.....8.;..5......!.l.j.%SX.SDm...RXh...&.X......5..._...............@...8...Gi..g.;9..'.Q......1..5.U.....w.+.hn..........c.....5.#{..%.#.JP*..i.J..U(.6.D5V.<"Ex6"...k..[..{.?.d2....{.........*W.......S...hT,.l..'.9.;[@..._.L..|+...)......S...9F......T..t...-=X.:FtZ..uZ.[.?..f<.....@.....'...I...e..........8.?..-R.3,%X...I2|.Wk{i...V2C....H$.H.LH.{.........(...6U..%W[t.R....j.........iS..%..L....rf.=..7..9i.I...1.Mj..C..u.B.........vJ.....+.u$.=..3..T..R.._.gs...6).$.-.PUH..Hl....WDd.......fK.(B.F1>..5.._[..]}VA#X...c.....%.(s50...m...^...1...'.$U*H.t...H...s.AZu...'...8.p...@.@.....q..Y.#.....#.....G.....G@..o8. A........:.........S.:..N.S.j.....tav.}.9h..s.....he.......{,~k...,eK.z}.......5%G...l.uCK.....V..............m.....U}.Sz..Z.c.{.....:..g......>h..'|Z........a....^.b...o.>...g........f../w'....Ja.o(

                                                                                                                                                                                                        Chrome Cache Entry: 1020

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2360)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):216277
                                                                                                                                                                                                        Entropy (8bit):5.455502756372822
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:j0nzyu8ItYoHFldaY4xzuQVLlGDPcHGcpP:QnCuYgTaY4/GqGQP
                                                                                                                                                                                                        MD5:92BBD73283CCF052912D68922E212C38
                                                                                                                                                                                                        SHA1:92F9A1D0628EE58A31E234953548FF16E3B390B4
                                                                                                                                                                                                        SHA-256:BD33427A7076736CB9783D3E994B178A1882002E5B3F2D902D204A47A96AEA77
                                                                                                                                                                                                        SHA-512:D854079F95E08F624D8B0E27732F54A8D17C33B0F3661E7D9370CEC5418605BBBCC689930462A261CD92570CE4F30CD8457A4CDA702C29B73DA05B00628FD0F3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlEEgWEfV3yt47xiVu7pvO4I3STIzw/m=_b,_tp"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){("undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x1689603f, 0x2040058e, 0x3f34e599, 0x30e4e33d, 0x0, 0x0, 0x3006b000, 0xe, ]);./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2013 Google LLC.. SPDX-License-Identifier: Apache-2.0.*/.var baa,daa,Ra,haa,$a,cb,db,eb,fb,iaa,gb,lb,jaa,kaa,pb,naa,paa,Eb,qaa,taa,vaa,Aaa,Qb,Caa,Daa,Iaa,Oaa,Paa,Maa,Qaa,Vaa,Waa,Yaa,Zaa,$aa,aba,Lc,dba,cba,fba,Pc,Oc,hba,gba,kba,jba,Vc,nba,oba,dd,cd,Rc,zba,wba,Aba,Bba,Eba,Gba,Hba,uba,Qd,Rd,aca,je,cca,ke,dca,fca,hca,lca,mca,nca,oca,rca,tca,xca,yca,Cca,Mca,Ica,Oca,Qca,Rca,Uca,Wca,Zca,$ca,ada,bda,cda,fda,jf,gda,ida,lda,mda,aaa,nda,Af,oda,Cf,pda,qda,Ef,sda,Gf,zda,Dda,Cda,Of,Fda;_.aa=function(a){return f

                                                                                                                                                                                                        Chrome Cache Entry: 1021

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:Web Open Font Format (Version 2), TrueType, length 15920, version 1.0
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):15920
                                                                                                                                                                                                        Entropy (8bit):7.987786667472439
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:sShqOXQlaSchOwK0uFvRqq3xR/xb5OY3aU/lHS9WE2YeK1os:sShJKaScJK0uFvRvxb5OY3aU/lHkmK
                                                                                                                                                                                                        MD5:3A44E06EB954B96AA043227F3534189D
                                                                                                                                                                                                        SHA1:23CEF6993DDB2B2979E8E7647FC3763694E2BA7D
                                                                                                                                                                                                        SHA-256:B019538234514166EC7665359D097403358F8A4C991901983922FB4D56989F1E
                                                                                                                                                                                                        SHA-512:FAB970B250DD88064730BD2603C530F3503ABB0AF4E4095786877F9660A159BF4AD98C5ABEA2E95EB39AE8C13417736B5772FCB9F87941FF5E0F383CB172997F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
                                                                                                                                                                                                        Preview:wOF2......>0.......T..=..........................d.....^.`.. .\..<.................6.$.... .... ..S.!.%c.......|y...6..;.s#.....x_<..o..........l...J.`p.m..6...h....U.pD...R.J.$...W..`7w...[..qD....<P......J.x.+J-^....va...:.KW..Ph...."....{.W4C....p..1..........CH.....P.............Q%.=.F.....1.%J....d..X..J.<AU..b.N...<l...d...f..^Y..]..&...VQ.<.....F..{.....&{.+J;.... .2P.:.*5..?.o.|....V[t..M..#..d.fv...........4..`.).h..h......@u........4......~.....r.B...p1.P.T..<....r....Y..8...GQ1.t.....%..-Wh..:W.....1l-...@..hL}...lN.._.j...D`..sn.=(...W..?.Z..p.52..H...X...)..CJ...V..*7.....<|..i...{...R.M+[..|..x-..M3...~!\.l6}.T.o.R'$.)..-.W.T....A...5?.{.2.bR.../....*l..;...{..I>.n..MJ.2........U&. ..(L]].%P.$..p59.LD.f.........V.....z.5~.2\......#.4....9_....%wp.OU.0.....CK..../.x. ..A2e...@...(.i..f./.....`1.......!......@....0 vbt.e v./!...N=>:..A...(...f....?.....iH.F..!k.6.O6S..54.^c..2.G.?6....)b......lv.,h....Y.}.?..uk....L.4d.g..6.\.1u..

                                                                                                                                                                                                        Chrome Cache Entry: 1022

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):490
                                                                                                                                                                                                        Entropy (8bit):5.231372862001212
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:kxeXjxeX4wFrimobO4xpOPdsioQgKfvDkRle8kbRNfeX60:kMYDZimobPxIPu7QgKfLZprGJ
                                                                                                                                                                                                        MD5:97CAE0078A9DD441BB3CBB6A1BC234AB
                                                                                                                                                                                                        SHA1:A575C8BAA3BDBEF277A82B4F6B4D7741197E25B2
                                                                                                                                                                                                        SHA-256:E1B58C6A10E789244835530A36AAB8C50681E5E11D9C0B596694EE601EF08B24
                                                                                                                                                                                                        SHA-512:3BA879BAF17E992F91F67435584F79539ABEF8CF175949669DDCCB174CBB7593B2E1BA18C857ECCE1CCEC8660CC6268FD610F0EAF4DCF8D068D9B836BEE2F862
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJhmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,iAskyc,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,ziXSP,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFQ8tmzv79x_nJGIapLTY1tp-HlWA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=XiNDcc"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.LIa=_.y("XiNDcc",[_.aoa]);._.k("XiNDcc");.var pI=function(a){_.J.call(this,a.Ha);this.aa=a.Ea.hz};_.A(pI,_.J);pI.Ba=function(){return{Ea:{hz:_.oI}}};pI.prototype.mB=function(){var a=this.aa;_.G3a(a);_.F3a(a)};_.K(pI.prototype,"IYtByb",function(){return this.mB});_.M(_.LIa,pI);._.l();.}catch(e){_._DumpException(e)}.}).call(this,this.default_AccountsSignInUi);.// Google Inc..

                                                                                                                                                                                                        Chrome Cache Entry: 1023

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (10908)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):487178
                                                                                                                                                                                                        Entropy (8bit):5.574011754960032
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:05r0PfcrnFasY0aSIEWGPcGCmvH29uwgpxz6lSff9XDMl2W/fel7Ow/qTBPci26c:0Av5hMwgpXlW/f+yTZciIACUz8QPui7k
                                                                                                                                                                                                        MD5:5A628C5E1CE6443EFAA7D27F3897E6FB
                                                                                                                                                                                                        SHA1:534BDFAC4EED8019EA7473D64789688039718754
                                                                                                                                                                                                        SHA-256:19280F15B316EFB0A870BA89B53C4A3EA653DCFBB5FF5B0C6C9ED7B177613515
                                                                                                                                                                                                        SHA-512:D37F267CCA09B2BFCB1EAF0F6FC69F4E4813EF4D9E96FB4D75B7027C7180CE22A6A08658148F5AA07CAF52669D8BCDF02A7FBEC8D5A79C48CA85070FBACE8376
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3iiqW4/yZ/l/en_US/a9CIW7r0LUeYFZAZTRXrqCrVCiehpPxO1r5U3aG_1V6P1w2TF_zjTjnW4FbVE7VLZhah1m-QatNLCvPbvFcpHZo5jFgIVR4NSd8LTTVpVOKUoI1i_pdlivXmwa2O3nvkFqAE01U975kCvVo5VdgSV-eRKaWgG9iZI3TVF3bINdSIhPHL0dpVCRBCDkRIDOWfZomugVzXJNekCZ6S34zcHhszLr0G.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("CometFeedStoryMenuQuery_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="7083058335113269"}),null);.__d("CometFeedStoryMenuQuery$Parameters",["CometFeedStoryMenuQuery_facebookRelayOperation"],(function(a,b,c,d,e,f){"use strict";a={kind:"PreloadableConcreteRequest",params:{id:b("CometFeedStoryMenuQuery_facebookRelayOperation"),metadata:{},name:"CometFeedStoryMenuQuery",operationKind:"query",text:null}};e.exports=a}),null);.__d("CometFeedStoryMenuSection_promotion.graphql",[],(function(a,b,c,d,e,f){"use strict";a={argumentDefinitions:[],kind:"Fragment",metadata:null,name:"CometFeedStoryMenuSection_promotion",selections:[{alias:null,args:null,concreteType:"QuickPromotion",kind:"LinkedField",name:"local_alerts_story_menu_promotion",plural:!1,selections:[{args:null,kind:"FragmentSpread",name:"useCometTooltipQP_quickPromotion"}],storageKey:null}],type:"CometFeedStoryDefaultContextLayoutStrategy",abstractKey:null};e.exports=a}),null);.__d("useCometTooltipQP

                                                                                                                                                                                                        Chrome Cache Entry: 1024

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):49990
                                                                                                                                                                                                        Entropy (8bit):7.9518774074261245
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:F4Q8GXBbYzjPq+A0vtKTXj4p+w9rkrSrt5NocMxmglhUpsLYG06Q+YUVsnmYwUtb:N8GXBmwetEjLM4GrvzM7scYG0PismYiE
                                                                                                                                                                                                        MD5:86296DCC91373F2652C019446687CEAA
                                                                                                                                                                                                        SHA1:2BA82C3EDC5AA20F84ED91C702E04D5FE2163792
                                                                                                                                                                                                        SHA-256:CCA26454CB0A17D755F80A39C717F919AFAE554C6944AB2358DCF4CACDAD90B4
                                                                                                                                                                                                        SHA-512:8C939201D67ABCF8DE4B483D9C3985BBED780F612B635763AFA59E2BF339E8089850DE17E0986034F9C5EAB8E40B2B77253300EBFF21FDE749303F729423FE4A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/423533159_757722919654278_5373917296496529925_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=HcXP9TSihNcAX8YKr5G&_nc_ht=scontent-lga3-2.xx&oh=00_AfC7VGf5YSZJdgsgh_B4FGf_VuLdg6Zk6DAyVgIISMBM3g&oe=65DA7D25
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a71010000cc170000ed370000753a0000cc3d000080570000f27c00002683000081860000a48a000046c30000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((...........".....................................................................................................................................................................................................................................................9.9.9.9.9.9.9.9.9.9.9.9.9.9.9..NM8t.................9.....N......:.ItJ..RP..{.g`P.DN.g.-.7<~.7....u.......cdc..$..............9>...p8~........M.....g].F&.\9......M.k..p}...u........o.v....x......V....^....[.....eh..xL|..W...............g'.s...p..]..]..\tt.Gq..yt.\&{..}Z....^[>..M...Gk.....W.m..^_...v...j0>..-.1.1._..............t..s..\..O.pE.\.;..;..;..;..;..;..^....pC.pC...;.pC.pE.a...:|.............V....*......*.

                                                                                                                                                                                                        Chrome Cache Entry: 1025

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (10590)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):30454
                                                                                                                                                                                                        Entropy (8bit):5.576137902379071
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:8/86aj6dY3cJpu4MN0As67qVOqIfhE8r8to8p85at48Wpe8KU8s7MiT8PtFvd:87aj5MJpu4MN0As6H5Gt4vuiTEZd
                                                                                                                                                                                                        MD5:80EC39CA7A3BE13B675B5751FFBF45B0
                                                                                                                                                                                                        SHA1:82161B242CFF2FBE988C3A838A057F083D524F40
                                                                                                                                                                                                        SHA-256:C41583B8960E530A88B12C0780549D8C99A74B2CC5F983C686B6C585F699D98B
                                                                                                                                                                                                        SHA-512:0382ED1DC9F412B176B514365C9AAFA1495D5FC692F07773F42C5F9E5EFCB7229ED16F14A48184C5850395D5037A3474D92C641020149F514767BB12F474D001
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3iYu44/yU/l/en_US/nNbHix9dhZw.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("GroupsCometMemberProfileLink_group.graphql",[],(function(a,b,c,d,e,f){"use strict";a={argumentDefinitions:[],kind:"Fragment",metadata:null,name:"GroupsCometMemberProfileLink_group",selections:[{alias:null,args:null,kind:"ScalarField",name:"answer_agent_id",storageKey:null}],type:"Group",abstractKey:null};e.exports=a}),null);.__d("CometDisabledContext",["react"],(function(a,b,c,d,e,f,g){"use strict";var h;a=h||d("react");b=a.createContext(!1);g["default"]=b}),98);.__d("BaseHScrollConstants",[],(function(a,b,c,d,e,f){"use strict";a=1600;b=10;f.MAX_CONTAINER_WIDTH=a;f.WIGGLE_ROOM=b}),66);.__d("smoothScrollTo",["ExecutionEnvironment","UserAgent"],(function(a,b,c,d,e,f,g){"use strict";var h,i=c("UserAgent").isBrowser("Firefox");b=(h||(h=c("ExecutionEnvironment"))).canUseDOM&&window.matchMedia("(prefers-reduced-motion: reduce)");var j=b&&b.matches,k=(h||(h=c("ExecutionEnvironment"))).canUseDOM&&document.documentElement!=null&&"scrollBehavior"in document.documentElemen

                                                                                                                                                                                                        Chrome Cache Entry: 1026

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (467)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1883
                                                                                                                                                                                                        Entropy (8bit):5.272533861322696
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:o7Y0+YhjHcL3A6Fw2FNWp7xOHAHfIt3Rrkx5lArw:oPHcL/Fc4HA/I25l0w
                                                                                                                                                                                                        MD5:962D83C1E94431815B5E4D41344544FC
                                                                                                                                                                                                        SHA1:08B95C7A5C5D18F31823908C07C4F5D662D868D9
                                                                                                                                                                                                        SHA-256:42799DF72F65B09FB3F22A265966BB14BB376691E1C3119F4D5D537628B27486
                                                                                                                                                                                                        SHA-512:C7E3B9DC2CCE90799252ED4418718CF52023EBFA23D3FE4576CF5B82E82CCDF2C7184E1989A3A3B91DBFE2FE72BBE7E8C7354F016F4FEE10B48CFA62F91C362D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJhmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFQ8tmzv79x_nJGIapLTY1tp-HlWA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("iAskyc");._.ZX=function(a){_.I.call(this,a.Ha);this.window=a.Ea.window.get();this.Ac=a.Ea.Ac};_.A(_.ZX,_.I);_.ZX.Na=_.I.Na;_.ZX.Ba=function(){return{Ea:{window:_.lr,Ac:_.kC}}};_.ZX.prototype.Gn=function(){};_.ZX.prototype.addEncryptionRecoveryMethod=function(){};_.$X=function(a){return(null==a?void 0:a.aq)||function(){}};_.aY=function(a){return(null==a?void 0:a.mca)||function(){}};_.bY=function(a){return(null==a?void 0:a.cq)||function(){}};._.Szb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.cY=function(a){setTimeout(function(){throw a;},0)};_.ZX.prototype.fJ=function(){return!0};_.ir(_.im,_.ZX);._.l();._.k("ziXSP");.var AY=function(a){_.ZX.call(this,a.Ha)};_.A(AY,_.ZX);AY.Na=_.ZX.Na;AY.Ba=_.ZX.Ba;AY.prototype.Gn=function(a,b,c){var d;i

                                                                                                                                                                                                        Chrome Cache Entry: 1027

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):52
                                                                                                                                                                                                        Entropy (8bit):4.542000661265563
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:yVkxzNDrMKcwVbF7KnZ:yVkxtkwVbF7KZ
                                                                                                                                                                                                        MD5:B3B89B9C275343BC6798E3A83564FDDB
                                                                                                                                                                                                        SHA1:32367475C527C3F5E5DB0BF42C348816FF4D157B
                                                                                                                                                                                                        SHA-256:900FB968F7FD9EA55F600AC9002A89E56AB56597DA7BDE04DEAAE6CC77AEB276
                                                                                                                                                                                                        SHA-512:ADB6938104E802B0936630B216CDE732F21ECA6E60E7A31D1B9C8FF52B5A66A712A7ECDE3F8ED4915D15C0A71C33A9788060E1E22999094C39020A1F8C636874
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
                                                                                                                                                                                                        Preview:CiUKDQ0ZARP6GgQIVhgCIAEKCw3oIX6GGgQISxgCCgcN05ioBxoA

                                                                                                                                                                                                        Chrome Cache Entry: 1028

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4626)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):23279
                                                                                                                                                                                                        Entropy (8bit):5.407857871342186
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:bBQaRLUCHqNBPWqYjqr70r2vZ7Jg8qlL2XikJyJpXZ:bzLUCKNBzYuX0r2hJJBYTXZ
                                                                                                                                                                                                        MD5:7001296FE9C04A4056B6AEE2E4CA1977
                                                                                                                                                                                                        SHA1:CCDCF52DC50A43D48452633F6E4D0B17B7C7F008
                                                                                                                                                                                                        SHA-256:7A18C2C3022B0FFDCA24E076929CAF4F053FED4C1E8ED3DB08BBE0DAE1F11332
                                                                                                                                                                                                        SHA-512:9B81E709540455174A90594B7509E0E529FD69B5E029E160EE824978EFA9243973E473578FED9CCF04F73952F98A5190BDA5C7DE7A7AD469DA4EB18333E67C57
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3ib3v4/yo/l/en_US/vwqID5lbHXG.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("CometInputWithCommands.react",["CometComponentWithKeyCommands.react","CometKeys","react"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h||(h=d("react")),j=h.useMemo;function a(a){var b=j(function(){var b=[];a.enter!=null&&b.push({command:{key:c("CometKeys").ENTER},description:a.enter.description,handler:a.enter.handler,triggerFromInputs:!0});a["delete"]!=null&&b.push({command:{key:c("CometKeys").DELETE},description:a["delete"].description,handler:a["delete"].handler,triggerFromInputs:!0});a.up!=null&&b.push({command:{key:c("CometKeys").UP},description:a.up.description,handler:a.up.handler,triggerFromInputs:!0});a.down!=null&&b.push({command:{key:c("CometKeys").DOWN},description:a.down.description,handler:a.down.handler,triggerFromInputs:!0});a.tab!=null&&b.push({command:{key:c("CometKeys").TAB},description:a.tab.description,handler:a.tab.handler,triggerFromInputs:!0});a.esc!=null&&b.push({command:{key:c("CometKeys").ESCAPE},description:a.esc.description,handler

                                                                                                                                                                                                        Chrome Cache Entry: 1029

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (574)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):3448
                                                                                                                                                                                                        Entropy (8bit):5.503407220514003
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:owTtCS2i2TETsWBzJAtUN6cp5YWYAnAcNw:TtCSRl1oWzQ
                                                                                                                                                                                                        MD5:A0CA5025133EF8EAC67D3971531E6D66
                                                                                                                                                                                                        SHA1:53753753B9C0B5B49718E03A75CE008545648B2D
                                                                                                                                                                                                        SHA-256:0D44C4E741D6F118622C1985B0DD0F3E5CD617EC49F9EE6BF7D8A21DBC8C0525
                                                                                                                                                                                                        SHA-512:B905A62337D4BF4634F26FDED2782FF3B30662968E6EEF5B9EB8B3A1D38661B80B8FC66D97FEFC54DEEFBE12DC4E201796F487C0C0ACC7FE06087C802E32AADB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJhmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,XiNDcc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,iAskyc,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,ziXSP,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFQ8tmzv79x_nJGIapLTY1tp-HlWA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("Wt6vjf");.var Dsa=function(){var a=_.pe();return _.gj(a,1)};var Oq=function(a){this.Ga=_.t(a,0,Oq.messageId)};_.A(Oq,_.w);Oq.prototype.Ja=function(){return _.Ki(this,1)};Oq.prototype.Wa=function(a){return _.oj(this,1,a)};Oq.messageId="f.bo";var Pq=function(){_.ll.call(this)};_.A(Pq,_.ll);Pq.prototype.Tc=function(){this.tO=!1;Esa(this);_.ll.prototype.Tc.call(this)};Pq.prototype.aa=function(){Fsa(this);if(this.Hz)return Gsa(this),!1;if(!this.uQ)return Qq(this),!0;this.dispatchEvent("p");if(!this.aK)return Qq(this),!0;this.RH?(this.dispatchEvent("r"),Qq(this)):Gsa(this);return!1};.var Hsa=function(a){var b=new _.eo(a.F_);null!=a.fL&&b.aa("authuser",a.fL);return b},Gsa=function(a){a.Hz=!0;var b=Hsa(a),c="rt=r&f_uid="+_.sh(a.aK);_.Ol(b,(0,_.Sf)(a.ea,a),"POST",c)};.Pq.prototype.ea=function(a){a=a.target;Fsa(this);if(_.Rl(a)){this.LF=0;if(this.RH)this.Hz=!1,this.dispatchEvent("

                                                                                                                                                                                                        Chrome Cache Entry: 1030

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):22854
                                                                                                                                                                                                        Entropy (8bit):7.970852909542257
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:GmFHoGKNZqUF/YCu7QEY2UZ87r/3WiFVSt9egG9m4svR+ZUmwPJYlPtmpArklU:GmFIGKzqs/YCu7QEY2UQ/3Wpt9egGmZw
                                                                                                                                                                                                        MD5:DDFA55C63AE0C44CA90EEEDCF31ED3D8
                                                                                                                                                                                                        SHA1:8FCFB2A1DBF341E023B488BC99D0B3A90B497D5A
                                                                                                                                                                                                        SHA-256:0484B79037E1397AB8FEF1045FAE57665A2B8938B6F628F01D256962A7002F51
                                                                                                                                                                                                        SHA-512:FF48A313EA778A6CBA3FAED81F939FFFE54D6BAE422E868162DBE1CE920FE69965272E671BAC4CD86044FBA871F34CD3DBF1C2D2FE87EDC6E442D804F636CDFD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/426298841_1492415047972648_5212976652358649185_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=kESdgojdjQwAX-vciDl&_nc_ht=scontent-lga3-2.xx&oh=00_AfCkLCLuaAN1hpkn2W_GhMGtY0uHotI_SBZYNbu_XTOF3A&oe=65DAB407
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a71010000bb06000001110000591300000c15000070220000fb34000013360000ba380000ad3a000046590000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n...."...............................................................................;..O;.....R...r.....X.%Z......o(:..4.T....f.GMA.Q2.O[.r.....j..Z..+/F..I,Z.X..:.....Q....s../....#|..IA..0.:2..(.....d...}k....i.Q......E..Wu`..L_L._6.t.(..e..~J1.N....@./|.L.d1QU1.P5.[`.K..7.{..&.3..1.~....16<....V>.}..@Ng..rf.j0[,.Y.....'.9JH..KE..t%c.....s..l........?.rY..b3.Q...t...c.e#Mm.7.:....y.;gF..8.p.y.Uu.e..-:....)L.X)..{.Q...p.....K.....@_w..c.T....w..r...RCd...E.L:shT:.AD...........A..O.....}........-.......?}u........U...J....Od..v.9"oi....u.....M....z/..#q....}R?.....=.e....<..u...u^..{....hC..H.......p.D....&.?....]8..t.o.....[....'V{.e..o .&.=grY.."._.j..4.g..

                                                                                                                                                                                                        Chrome Cache Entry: 1031

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4919)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):773611
                                                                                                                                                                                                        Entropy (8bit):5.568289233911732
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:Jme85Yf5fEt77xSzVJXd44E8W6t7pI7hLPGMZQ+jVkta9HAMBelqm5am:iZSzV4e7WjVktnwXm
                                                                                                                                                                                                        MD5:603BD5477F860601C06AF674299F3B07
                                                                                                                                                                                                        SHA1:8B721D80C46D31C96EE46C5A403D69A7353EEE7A
                                                                                                                                                                                                        SHA-256:4BE596B08E676976160AA0B47B524F3DA7CA05BDF6E5735AE9428D87C3078142
                                                                                                                                                                                                        SHA-512:8ABC03B6888183CFD55F88334E7863B954496FE58021B640CAFC00691B1A851745172F04F1707B5AAA58A1237423393A1B8C73280215F256F6C1B4873CA005B4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3ild_4/yU/l/en_US/-__AvVAHG015OW04FZJFYcNb1n1Dnz-toWuECcer9ZzpLIj9cqpcLjQD4AgT6FzeeVDYvatkvPhoO0d94eNKnR7lOuDENWdRgBu3JfZvdWL_j91Rdzuzi16ygGc1wa-Oq19cevyCvEVQbD2OmPobANp9KHpDnYRWx5vjU-Lar4ha9ADn9zGmt_6UlA-lU_6SmVEaVrlFSHhTt9z8sp55HfXW__mMgFRlCsGN0FHwCFoDf7C27gzi95_wmB-51YxoStyBz2gEpqWzCjqUWMgaogygfp_uoh2pEQn4HVER6y-GdB52bvQ0.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("CometLogInHiddenInputs_data.graphql",[],(function(a,b,c,d,e,f){"use strict";a=function(){var a=[{alias:null,args:null,kind:"ScalarField",name:"name",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"value",storageKey:null}];return{argumentDefinitions:[],kind:"Fragment",metadata:null,name:"CometLogInHiddenInputs_data",selections:[{alias:null,args:null,kind:"ScalarField",name:"prefill_contactpoint",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"prefill_source",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"idd_user_crypted_uid",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"locale",storageKey:null},{alias:null,args:null,concreteType:"LoginNameValue",kind:"LinkedField",name:"lsd",plural:!1,selections:a,storageKey:null},{alias:null,args:null,concreteType:"LoginNameValue",kind:"LinkedField",name:"jazoest",plural:!1,selections:a,storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"login_source

                                                                                                                                                                                                        Chrome Cache Entry: 1032

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):75348
                                                                                                                                                                                                        Entropy (8bit):7.986223323795878
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:ruLPgZ/9a7g6h/nMIZ1EBzSQ9rtcfnOfCXd6avooaITVJEvWxcPdb:yLPkVatMo8/ywwdbvoUpSvWxoV
                                                                                                                                                                                                        MD5:E2BF42048C4FAC7976265B339B09B884
                                                                                                                                                                                                        SHA1:6D7644DB37F9D3D05C511BCF825633AD44AACAC9
                                                                                                                                                                                                        SHA-256:0C2A8F02147BC31C649952E746A52F7A4D97ABA8E134CF54D40F892207CF5F9F
                                                                                                                                                                                                        SHA-512:8543BAEF3615435A2F0ABBBC2C79D63D90D2789A3EE292D5139BBCAC55791DFB2CCB5DFAFCB297464B6D8CBA85D08530031A32EEEA653B4051C23EFAFF80D5FC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/425792721_408506441566749_3377289298669230651_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=esRaqpUeLsQAX9hQcJE&_nc_ht=scontent-lga3-2.xx&oh=00_AfCLs25QH4JmNQCa_0frI0apmrCjC2ZUHHV18PmEz3ZZtQ&oe=65DB5E3C
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a700100008a1e0000df4300005e4a0000035200001a72000052a900008baf000039b7000032c0000054260100....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."......................................................................................yir..%....B&.*.%B*.*.*.rPQ......D..JPQ.F.J.r.(... "..!..........&4.J.O/(..r....T..kK..M.M.NT.M.%PERD.IJ.T.T.@)..j$..$U.P.....T.....CQCS..8@E.Xn.d.nA....c............V.+Z........ZJ.........$..$D........(j*. H."U....jr...5.-.f?........+...OZ.i..'.P....V.....*i*..".$T".".".A.F.. H.....P(...."..!.......|..*U.B.V.%V....F.bQ.F.-bx...X..B*...Z.-.+Pr...RJ.*.(.*I%H."...)@r.R.&.(.."...".!"..61(.#...J5b..bR.X..V1 .H5..V4.5.kS..C....h)R.j..@.jIRH..jH.$$B.T.@.@I.%.....P.Q.\...bx.bx.`.TbAQ...m.[........x.`z..7U..Z..P....P..$.H.jp.$i..".$..T..H.."."F.......#a9|....NV.<..U.x.`p.F..$n.....0<j.8oM..ME

                                                                                                                                                                                                        Chrome Cache Entry: 1033

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):15552
                                                                                                                                                                                                        Entropy (8bit):7.983966851275127
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:HDKhlQ8AGL0dgUoEGBQTc7r6QYMkyr/iobA2E4/jKcJZI7lhzi:jslQ+LhUoTB0Qr6Qjkg/DmcJufzi
                                                                                                                                                                                                        MD5:285467176F7FE6BB6A9C6873B3DAD2CC
                                                                                                                                                                                                        SHA1:EA04E4FF5142DDD69307C183DEF721A160E0A64E
                                                                                                                                                                                                        SHA-256:5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
                                                                                                                                                                                                        SHA-512:5F9BB763406EA8CE978EC675BD51A0263E9547021EA71188DBD62F0212EB00C1421B750D3B94550B50425BEBFF5F881C41299F6A33BBFA12FB1FF18C12BC7FF1
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
                                                                                                                                                                                                        Preview:wOF2......<...........<Z.........................d..z..J.`..L.\..<.....<.....^...x.6.$..6. .... ..S..}%.......|....x..[j.E...d..-A...]=sjf$X.o.5......V....i?}.\...;...V......5..mO=,[.B..d'..=..M...q...8..U'..N..G...[..8....Jp..xP...'.?....}.-.1F.C.....%z..#...Q...~.~..3.............r.Xk..v.*.7t.+bw...f..b...q.W..'E.....O..a..HI.....Y.B..i.K.0.:.d.E.Lw....Q..~.6.}B...bT.F.,<./....Qu....|...H....Fk.*-..H..p4.$......{.2.....".T'..........Va.6+.9uv....RW..U$8...p...........H5...B..N..V...{.1....5}p.q6..T...U.P.N...U...!.w..?..mI..8q.}.... >.Z.K.....tq..}.><Ok..w.. ..v....W...{....o...."+#+,..vdt...p.WKK:.p1...3`. 3.......Q.].V.$}.......:.S..bb!I...c.of.2uq.n.MaJ..Cf.......w.$.9C...sj.=...=.Z7...h.w M.D..A.t.....]..GVpL...U(.+.)m..e)..H.}i.o.L...S.r..m..Ko....i..M..J..84.=............S..@......Z.V.E..b...0.....@h>...."$.?....../..?.....?.J.a,..|..d...|`.m5..b..LWc...L...?.G.].i...Q..1.:..LJV.J...bU.2.:\.kt.......t.....k....B..i.z+...........A.....

                                                                                                                                                                                                        Chrome Cache Entry: 1034

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):15344
                                                                                                                                                                                                        Entropy (8bit):7.984625225844861
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:ctE5KIuhGO+DSdXwye6i9Xm81v4vMHCbppV0pr3Ll9/w:cqrVO++tw/9CICFbQLlxw
                                                                                                                                                                                                        MD5:5D4AEB4E5F5EF754E307D7FFAEF688BD
                                                                                                                                                                                                        SHA1:06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
                                                                                                                                                                                                        SHA-256:3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
                                                                                                                                                                                                        SHA-512:7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
                                                                                                                                                                                                        Preview:wOF2......;........H..;..........................d..@..J.`..L.T..<.....x.....^...x.6.$..6. ..t. ..I.h|.l....A....b6........(......@e.]...*:..-.0..r.)..hS..h...N.).D.........b.].......^..t?.m{...."84...9......c...?..r3o....}...S]....zbO.../z..{.....~cc....I...#.G.D....#*e.A..b...b`a5P.4........M....v4..fI#X.z,.,...=avy..F.a.\9.P|.[....r.Q@M.I.._.9..V..Q..]......[ {u..L@...]..K......]C....l$.Z.Z...Zs.4........ x.........F.?.7N..].|.wb\....Z{1L#..t....0.dM...$JV...{..oX...i....6.v.~......)|.TtAP&).KQ.]y........'...:.d..+..d..."C.h..p.2.M..e,.*UP..@.q..7..D.@...,......B.n. r&.......F!.....\...;R.?-.i...,7..cb../I...Eg...!X.)5.Aj7...Ok..l7.j.A@B`".}.w.m..R.9..T.X.X.d....S..`XI..1... .$C.H.,.\. ..A(.AZ.................`Wr.0]y..-..K.1.............1.tBs..n.0...9.F[b.3x...*$....T..PM.Z-.N.rS?I.<8eR'.3..27..?;..OLf*.Rj.@.o.W...........j~ATA....vX.N:.3dM.r.)Q.B...4i.f..K.l..s....e.U.2...k..a.GO.}..../.'..%$..ed.*.'..qP....M..j....../.z&.=...q<....-..?.A.%..K..

                                                                                                                                                                                                        Chrome Cache Entry: 1035

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):15990
                                                                                                                                                                                                        Entropy (8bit):7.9600028505387215
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:TomnjH1AAnoHLtnHMczhyGEVzTvLjMDkmTj8WgUCG+8J65:kmn7REtsD3V/84ocUCGJ65
                                                                                                                                                                                                        MD5:143509F1E9D107D804A52DAD69764407
                                                                                                                                                                                                        SHA1:C84E0408CC054FACD3D71085DAEFA0FAEF153A27
                                                                                                                                                                                                        SHA-256:0C0617A9B1559EF0E9F6564347EA395A78BE49D57CD5BEB78D65D3721EC0F1E5
                                                                                                                                                                                                        SHA-512:B0BB3F674668A74B019C41611F8575A7AEB8313DF81AC6137920A9EF4C03D5887A633EAF4508812E5F6D8F0F5CA58659FC68128037FA03D8B492E531EF5622F8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t51.29350-10/426723713_3627042410867961_5605923069429394965_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=Ku5YSyUzn8IAX9kwnc9&_nc_ht=scontent-lga3-2.xx&oh=00_AfDbb6L8NvhsgkcOBsJdBQPvAKBrey6S4uQ95zPCvCxe-Q&oe=65DAC2F3
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a71010000c1060000620f00005f110000fa120000c11900003c250000522600006a280000442a0000763e0000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n....".....................................................................................h........n...S3..(.Sr..n....o..f..\aF......T*...3.He..n_[....wtsp..p.ir{T.>"..e.aIk....x.i.2.SJ.g..z...]..3.,6.5mO"....T..OO.MD.....-.YX.$.ap......g.=f_.f.p..L8..^.....d..w....n......J.../g...e.9....Z...e.......I9..K..J...<.wq..>.7..v=.P.5........R.d..3.y#:..../p'/.wpr*.5..#A....u....%e..kQ..H....N..z.&_YN.AS......:...Q.a...W...Y.)U.C4..6~.....J....@.2....U...A..+....P.1f.....>..'..t2...&.Y...V...5..R%.Y...k.....j..=g....c.~.....N^47...:YtL.M.f...........z.V*.t.%k..Bg{V.|....A..K.....K.5.v..p....%.pF....2..L}'....L1.X.S...mA.)&.gu.vsC..^v..&@Tey.*B<..g.......q.H..,..:..>...

                                                                                                                                                                                                        Chrome Cache Entry: 1036

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):473
                                                                                                                                                                                                        Entropy (8bit):5.240157994693449
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:kxeXjxeX4wFbcloiHKobO4xMl23ZhVgBDKDi7e8kbRNfeX60:kMYDRiqobPxi2fVgB+XprGJ
                                                                                                                                                                                                        MD5:13782B3B1A5B6B82B186225398C96C55
                                                                                                                                                                                                        SHA1:AA9E89FABF00C27173190096499F47FAEE56C684
                                                                                                                                                                                                        SHA-256:1EAF3863ADA2FC1BC5C99F0731313B8046C576403EC8721757F935B8245C2C26
                                                                                                                                                                                                        SHA-512:D966BA31E97827381C2F26E9DC069A6DA26EFFEE26AE9C1965A73C1CFB4A852A6F4C94BF60B1F33719A3AF522CA0B868D99833E422FDEAD8644BD527118AE685
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,iAskyc,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,ziXSP,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=XiNDcc"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.HIa=_.y("XiNDcc",[_.Nna]);._.k("XiNDcc");.var DI=function(a){_.J.call(this,a.Ha);this.aa=a.Ea.ez};_.B(DI,_.J);DI.Ba=function(){return{Ea:{ez:_.CI}}};DI.prototype.kB=function(){_.b3a(this.aa)};_.K(DI.prototype,"IYtByb",function(){return this.kB});_.M(_.HIa,DI);._.l();.}catch(e){_._DumpException(e)}.}).call(this,this.default_AccountsSignInUi);.// Google Inc..

                                                                                                                                                                                                        Chrome Cache Entry: 1037

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1738)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):2477
                                                                                                                                                                                                        Entropy (8bit):5.4374502845572525
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:YzcIe4KH/M/TD6CUvU3vpfKYriTFQsC02Ec3b9:YQ9H/Gf73xnWTOecL9
                                                                                                                                                                                                        MD5:B4948C7BFE2D4AEBD9EB3AEABC909110
                                                                                                                                                                                                        SHA1:935F743DADD2E5AE5C65D0E8BB1092430AB5FA26
                                                                                                                                                                                                        SHA-256:67F059105C4A6782057AB478BFF9135A681CD951FD6203DF096FA2A4E8663E9D
                                                                                                                                                                                                        SHA-512:986B28DD77EE735F3BBAC57B45594053D0AEA8CE9E5CD6837DB5CE4446ADD9C768458D0F84FFAC5441A370FF16829490827175420589CE93AA5FC9BAEFC099D0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3/yd/r/_5vDGAzPQ3H.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("Qe2JsExposureFalcoEvent",["FalcoLoggerInternal","getFalcoLogPolicy_DO_NOT_USE"],(function(a,b,c,d,e,f,g){"use strict";a=c("getFalcoLogPolicy_DO_NOT_USE")("1837559");b=d("FalcoLoggerInternal").create("qe2_js_exposure",a);e=b;g["default"]=e}),98);.__d("QE2Logger",["Qe2JsExposureFalcoEvent"],(function(a,b,c,d,e,f,g){"use strict";var h={};function a(a,b){B(a,(a=b)!=null?a:"",9)}function b(a,b){B(a,(a=b)!=null?a:"",9,!0)}function d(a){B(a,"",4)}function e(a){B(a,"",32)}function f(a){B(a,"",32,!0)}function i(a){B(a,"",54)}function j(a,b){B(a,b,3)}function k(a){B(a,"",5)}function l(a){B(a,"",5,!0)}function m(a){B(a,"",31)}function n(a){B(a,"",98)}function o(a,b){B(a,b,7)}function p(a,b){B(a,b,55)}function q(a,b){B(a,b,17)}function r(a,b){B(a,b,25)}function s(a,b){B(a,b,8)}function t(a,b){B(a,b,22)}function u(a,b){B(a,b,27)}function v(a,b){B(a,b,0)}function w(a,b){B(a,(a=b)!=null?a:"",89)}function x(a,b){B(a,b,60)}function y(a,b){B(a,b,90)}function z(a,b,c){B(a,b,c)}fun

                                                                                                                                                                                                        Chrome Cache Entry: 1038

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1555
                                                                                                                                                                                                        Entropy (8bit):7.107402048079722
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:T1hfvWwjx82lY2T3iV7vyJ3VzBYGsBq/qnmnTWApAvgBFBDd4WhjDFWyJZm:ZANn2esJ37Yf583eohTlJZm
                                                                                                                                                                                                        MD5:12430F012C4B6B4A91C63CBF1369E1FF
                                                                                                                                                                                                        SHA1:A8502ADE0C47E23230E5DA9D5658EC1F1DA309D6
                                                                                                                                                                                                        SHA-256:079919E3400BA9BC0D569F5634CC41B2FD1B8E7A721B2B473D21F10FE2FA7F6B
                                                                                                                                                                                                        SHA-512:17B7564088E12CD64AE79E7179EF4B26941370DC442528CB08320FC0D40BEC88D2B77124624685ACF9BA974467E27A7051703761C6FFFE5468C90217CAC5A4A6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/s/desktop/87423d78/img/favicon_32x32.png
                                                                                                                                                                                                        Preview:.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Macintosh)" xmpMM:InstanceID="xmp.iid:33B346918F4C11E7946BAB1AFF99627F" xmpMM:DocumentID="xmp.did:33B346928F4C11E7946BAB1AFF99627F"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:13441FC48F4C11E7946BAB1AFF99627F" stRef:documentID="xmp.did:33B346908F4C11E7946BAB1AFF99627F"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..6.....IDATx..MO.q.....X.B=./H..D...F...^8A........|....^...F...!..H...!.I.`Q.-.8........d.......<..'"....l

                                                                                                                                                                                                        Chrome Cache Entry: 1039

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4919)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):771972
                                                                                                                                                                                                        Entropy (8bit):5.5678723988865055
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:Jme85Yf5fEt77xSzVJXd44E8W6t7pI7hLPGMZQ+jVkta9HAMBelqm5g:iZSzV4e7WjVktnwX
                                                                                                                                                                                                        MD5:A3AAB2FB2BDC5B7A3A78CE8EB66CECDD
                                                                                                                                                                                                        SHA1:D36677CF7AC9F9FC72D279CF4EB9450F297205B2
                                                                                                                                                                                                        SHA-256:C14D98CBEAF189F316FE5169FABAA456CFBBEB8568F8320AFAA89CFD62947AE2
                                                                                                                                                                                                        SHA-512:2C2A3EE8EA8C49C40ED228DD532351B3579D83A8CE800C44DF4D26F06A2F9E43244E99BEE8E08E7797AA9A741F24850C558E12B0A47B48D2A0ACA6C11AA5435A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3ild_4/yu/l/en_US/-__AvVAHG015OW04FZJFYcNb1n1Dnz-toWuECcer9ZzpLIj9cqpcLjQD4AgT6FzeeVDYvatkvPhoO0d94eNKnR7lOuDENWdRgBu3JfZvdWL_j91Rdzuzi16ygGc1wa-Oq19cevyCvEVQbD2OmPobANp9KHpDnYRWx5vjU9zGmt_6UlA-lU_6SmVEaVrlFSHhTt9z8sp55HfXW__mMgFRlCsGN0FHwCFoDf7C27gzi95_wmB-51YxoStyBz2gEpqWzCjqUWMgaogygfp_uoh2pEQn4HVER6y-GdB52bvQ0.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("CometLogInHiddenInputs_data.graphql",[],(function(a,b,c,d,e,f){"use strict";a=function(){var a=[{alias:null,args:null,kind:"ScalarField",name:"name",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"value",storageKey:null}];return{argumentDefinitions:[],kind:"Fragment",metadata:null,name:"CometLogInHiddenInputs_data",selections:[{alias:null,args:null,kind:"ScalarField",name:"prefill_contactpoint",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"prefill_source",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"idd_user_crypted_uid",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"locale",storageKey:null},{alias:null,args:null,concreteType:"LoginNameValue",kind:"LinkedField",name:"lsd",plural:!1,selections:a,storageKey:null},{alias:null,args:null,concreteType:"LoginNameValue",kind:"LinkedField",name:"jazoest",plural:!1,selections:a,storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"login_source

                                                                                                                                                                                                        Chrome Cache Entry: 1040

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (16083)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):740380
                                                                                                                                                                                                        Entropy (8bit):5.729920688068108
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:ZA18+tja0OU+uiAlgU/u0rLDmi6Dcga7ciEskOxCoiuNRF:ZTGjvOZArrdciBkpSF
                                                                                                                                                                                                        MD5:F98FC311A243467E1323D5CF6E73D4E9
                                                                                                                                                                                                        SHA1:C917CCF1F88AA7D74C8CDD4B3A4B5C5270FFA520
                                                                                                                                                                                                        SHA-256:86B01C31FAF78C4C275A4CD608DD112C461B7B3553D50129EFED438000D392A8
                                                                                                                                                                                                        SHA-512:149022F0DA5D7491E9AE198D3DB033865AE1D0E399A0F0BD98BA3EDE34659461D0042B962D10B4DFD45DD29850C6FE734D6027DE00BE4493B8CAC31B6B401516
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,STuCOe,njlZCf,fJpY1b,b3kMqb,EGw7Od,ZUKRxc,my67ye,t2srLd,EN3i8d,hmHrle,mWLH9d,NOeYWe,O6y8ed,fqEYIb,PrPYRd,MpJwZc,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,lwddkf,SpsfSb,fFzhe,tUnxGc,aW3pY,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,xBaz7b,eVCnO,LDQI"
                                                                                                                                                                                                        Preview:"use strict";_F_installCss(".O0WRkf{-webkit-user-select:none;transition:background .2s .1s;border:0;border-radius:3px;cursor:pointer;display:inline-block;font-size:14px;font-weight:500;min-width:4em;outline:none;overflow:hidden;position:relative;text-align:center;text-transform:uppercase;-webkit-tap-highlight-color:transparent;z-index:0}.A9jyad{font-size:13px;line-height:16px}.zZhnYe{transition:box-shadow .28s cubic-bezier(0.4,0,0.2,1);background:#dfdfdf;box-shadow:0px 2px 2px 0px rgba(0,0,0,.14),0px 3px 1px -2px rgba(0,0,0,.12),0px 1px 5px 0px rgba(0,0,0,.2)}.zZhnYe.qs41qe{transition:box-shadow .28s cubic-bezier(0.4,0,0.2,1);transition:background .8s;box-shadow:0px 8px 10px 1px rgba(0,0,0,.14),0px 3px 14px 2px rgba(0,0,0,.12),0px 5px 5px -3px rgba(0,0,0,.2)}.e3Duub,.e3Duub a,.e3Duub a:hover,.e3Duub a:link,.e3Duub a:visited{background:#4285f4;color:#fff}.HQ8yf,.HQ8yf a{color:#4285f4}.UxubU,.UxubU a{color:#fff}.ZFr60d{position:absolute;top:0;right:0;bottom:0;left:0;background-color:tran

                                                                                                                                                                                                        Chrome Cache Entry: 1041

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1631)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):38504
                                                                                                                                                                                                        Entropy (8bit):5.380911353336594
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:VkzC7vRxeiGDTwuMgroW6Cz7WRisKjcfqaCTCEUnqRkumnntnVT:bTeTgWJ7WqcfqaCTChqXGP
                                                                                                                                                                                                        MD5:556588515D19D3F4678C16D0BB8DB99B
                                                                                                                                                                                                        SHA1:E6887B21F0E68669311C70BF00250E55F6F6F029
                                                                                                                                                                                                        SHA-256:994A75AF5B582099104F446BA121F0D315B47329B541600003D45C318C1280B8
                                                                                                                                                                                                        SHA-512:5A7F9C2A3D1E6A46495A44C9EF5E85D3D154A197545FFCC0CA6C9C4FD14CD954BCC8D337B7D11EC041F839ED75564B15E9274E44CFD1EFCA39D3015EA090AF09
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJhmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFQ8tmzv79x_nJGIapLTY1tp-HlWA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.Doa=function(a){var b=0,c;for(c in a)b++;return b};_.Eoa=function(a){return a.Vg&&"function"==typeof a.Vg?a.Vg():_.ja(a)||"string"===typeof a?a.length:_.Doa(a)};_.Vn=function(a){if(a.Mg&&"function"==typeof a.Mg)return a.Mg();if("undefined"!==typeof Map&&a instanceof Map||"undefined"!==typeof Set&&a instanceof Set)return Array.from(a.values());if("string"===typeof a)return a.split("");if(_.ja(a)){for(var b=[],c=a.length,d=0;d<c;d++)b.push(a[d]);return b}return _.yb(a)};._.Foa=function(a){if(a.Lg&&"function"==typeof a.Lg)return a.Lg();if(!a.Mg||"function"!=typeof a.Mg){if("undefined"!==typeof Map&&a instanceof Map)return Array.from(a.keys());if(!("undefined"!==typeof Set&&a instanceof Set)){if(_.ja(a)||"string"===typeof a){var b=[];a=a.length;for(var c=0;c<a;c++)b.push(c);return b}return _.Ab(a)}}};.var Goa,Joa,Ioa,Hoa,lo,no,Voa,Moa,Ooa,Noa,Roa,Poa;Goa=function(a,b,c){if(b)re

                                                                                                                                                                                                        Chrome Cache Entry: 1042

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1210)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):78646
                                                                                                                                                                                                        Entropy (8bit):5.412136972940148
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:w/Q5Up0BWTFRcxRpIoMwetxBJ9YDf4YRPlF/hyqqR4Qj2W:87mM1OxAx
                                                                                                                                                                                                        MD5:908E3A26A43D87BAC9396377A9C4B6A8
                                                                                                                                                                                                        SHA1:B9DDB61F1D0A4ED930881B909D3A4B01B2E62C7A
                                                                                                                                                                                                        SHA-256:417FD55B390293D45901B37398ACFC8C3B4FEDE6A395F541C2EE48F732990D61
                                                                                                                                                                                                        SHA-512:4FD58BA30456F96A8704412123BCA4C4A48E976E28BAEADED37232FA7A3C4C3FBAA6B79988DC7190D569D1B6024FB0C2F3EAD621A3E2D280C024D7EEC01011B6
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/s/desktop/87423d78/jsbin/webcomponents-sd.vflset/webcomponents-sd.js
                                                                                                                                                                                                        Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var k;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}function p(a){var b="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if("number"==typeof a.length)return{next:aa(a)};throw Error(String(a)+" is not an iterable or ArrayLike");}function q(a){if(!(a instanceof Array)){a=p(a);for(var b,c=[];!(b=a.next()).done;)c.push(b.value);a=c}return a}.function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ca=ba(this);function r(){for(var a=Number(this),b=[],c=a;c<arguments.length;c++)b[c-a]=arguments[c];return b};/*..Copyright (c) 2016 The Polymer Project Authors. All rights reserved..This code may only be used unde

                                                                                                                                                                                                        Chrome Cache Entry: 1043

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):490
                                                                                                                                                                                                        Entropy (8bit):5.231372862001212
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:kxeXjxeX4wFrimobO4xpOPdsioQgKfvDkRle8kbRNfeX60:kMYDZimobPxIPu7QgKfLZprGJ
                                                                                                                                                                                                        MD5:97CAE0078A9DD441BB3CBB6A1BC234AB
                                                                                                                                                                                                        SHA1:A575C8BAA3BDBEF277A82B4F6B4D7741197E25B2
                                                                                                                                                                                                        SHA-256:E1B58C6A10E789244835530A36AAB8C50681E5E11D9C0B596694EE601EF08B24
                                                                                                                                                                                                        SHA-512:3BA879BAF17E992F91F67435584F79539ABEF8CF175949669DDCCB174CBB7593B2E1BA18C857ECCE1CCEC8660CC6268FD610F0EAF4DCF8D068D9B836BEE2F862
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,iAskyc,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,ziXSP,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=XiNDcc"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.LIa=_.y("XiNDcc",[_.aoa]);._.k("XiNDcc");.var pI=function(a){_.J.call(this,a.Ha);this.aa=a.Ea.hz};_.A(pI,_.J);pI.Ba=function(){return{Ea:{hz:_.oI}}};pI.prototype.mB=function(){var a=this.aa;_.G3a(a);_.F3a(a)};_.K(pI.prototype,"IYtByb",function(){return this.mB});_.M(_.LIa,pI);._.l();.}catch(e){_._DumpException(e)}.}).call(this,this.default_AccountsSignInUi);.// Google Inc..

                                                                                                                                                                                                        Chrome Cache Entry: 1044

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):42
                                                                                                                                                                                                        Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                        MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                        SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                        SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                        SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.google.com/pagead/lvz?evtid=ACd6KtzUx3ajt0V--ob4gu1zO01IW9RFpHiHwogOHbnVEWK27dHIIAwODNcNhS4u7Xe6TGmu9S2PVaiQsvrO8UsGHk2wFF2WFw&req_ts=1708529103&pg=MainAppBootstrap%3AHome&az=1&sigh=AB9vU43C1iPKD3hZWBqJwAf1SSWit2tftA
                                                                                                                                                                                                        Preview:GIF89a.............!.......,...........D.;

                                                                                                                                                                                                        Chrome Cache Entry: 1045

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1354)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):186380
                                                                                                                                                                                                        Entropy (8bit):5.512786973993877
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:SYyvr5xyecNdRk3zE63vUWl6oPCOQ5whSWIjKUs7dDmn0v8umA8Qi4UJ7UwOwdwr:SYkr5xek3zEwvUWl6oPCOQ5whObs7dDF
                                                                                                                                                                                                        MD5:7554AE17C5023ECC6D0FFC1E8775BC2F
                                                                                                                                                                                                        SHA1:37B39540102E29993F710047ED89BBE3B47A3A2B
                                                                                                                                                                                                        SHA-256:6101EEA4239DED7503B74732D078DE0DE0E31D9465DE3876B1641802DD299200
                                                                                                                                                                                                        SHA-512:32B21C1D58028A46D7B1C67A79F1348DE19C9316B0CE0BF225904686A81033051B51AD06D6E37D41EA281E5A0D547D58D553D3579BEB23115B3715ECF348EBFB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.licdn.com/sc/h/6y2czwba46q3wsh2b0d0g6trj
                                                                                                                                                                                                        Preview:this.default_gsi=this.default_gsi||{};.(function(b){var l=this;try{var Ia,U,u,p,Ja,Ka;Ia=function(a){var c=0;return function(){return c<a.length?{done:!1,value:a[c++]}:{done:!0}}};U="function"==typeof Object.defineProperties?Object.defineProperty:function(a,c,b){if(a==Array.prototype||a==Object.prototype)return a;a[c]=b.value;return a};u=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof l&&l,"object"==typeof self&&self,"object"==typeof global&&global];for(var c=0;c<a.length;++c){var b=a[c];if(b&&b.Math==Math)return b}throw Error("a");.}(this);p=function(a,c){if(c)a:{var b=u;a=a.split(".");for(var e=0;e<a.length-1;e++){var f=a[e];if(!(f in b))break a;b=b[f]}a=a[a.length-1];e=b[a];c=c(e);c!=e&&null!=c&&U(b,a,{configurable:!0,writable:!0,value:c})}};p("Symbol",function(a){if(a)return a;var c=function(a,c){this.g=a;U(this,"description",{configurable:!0,writable:!0,value:c})};c.prototype.toString=function(){return this.g};var b="jscomp_symbol_"+(1E9*Math.random()>>>0

                                                                                                                                                                                                        Chrome Cache Entry: 1046

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):249446
                                                                                                                                                                                                        Entropy (8bit):5.470579685220208
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:IVyBYOfI26udxTWTcTEDM2j16TcTEDM2ilGb+UPhHo6CmEMDWwyF:oyBzZ3dNo6CFMqwyF
                                                                                                                                                                                                        MD5:3A9B92C1093DEB1F83F57CE9387856F3
                                                                                                                                                                                                        SHA1:375489BE5E642B11E62149F791C3DF5C66B6CFBA
                                                                                                                                                                                                        SHA-256:F5D13C67089BF5CDBB1B349183598BA8DF4DD95A9CF3187E9FD4172F5F5C36FE
                                                                                                                                                                                                        SHA-512:6588C81876AB2B528C71AC29CB950D5894DCD71C546A65EDFE8AA0977B2588DC6A8DF2B8A55470C44427A7E61869C6DF67A79B37A59A3A0847F8689D276AD051
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.licdn.com/sc/h/3gwr64x0h4e06b6c0wej9hqsz
                                                                                                                                                                                                        Preview:!function(e){var t={};function n(r){if(t[r])return t[r].exports;var i=t[r]={i:r,l:!1,exports:{}};return e[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var i in e)n.d(r,i,function(t){return e[t]}.bind(null,i));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s=105)}({0:function(e,t,n){"use strict";n.d(t,"j",(function(){return a})),n.d(t,"x",(function()

                                                                                                                                                                                                        Chrome Cache Entry: 1047

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1586
                                                                                                                                                                                                        Entropy (8bit):4.971538502379734
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:Yj0jutsEgaFs9v8eY2x2UfwhUdt0A66ucXaKUoXab/:Y9ts3aFs90pUbtd79aKpab/
                                                                                                                                                                                                        MD5:052B9F6B80876F7C32894105E377BA3B
                                                                                                                                                                                                        SHA1:2018FC66AB3C28A18167B11C547406CF1BBAF89A
                                                                                                                                                                                                        SHA-256:A7B005C03E9F79AB0D36080925C50F6C101BBBF9853DD849E9A0030A810C89A1
                                                                                                                                                                                                        SHA-512:2DC6CA28250F1E5A0EF91D677A6732BD64D5D09C930B78AF226823621C0F1A6BDBDE23583C75F69D5101E918D7FAF40ADD7C236B0AA733D3B02F95528D1B3374
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/manifest.webmanifest
                                                                                                                                                                                                        Preview:{"name":"YouTube","short_name":"YouTube","background_color":"#FFFFFF","display":"minimal-ui","start_url":"/?feature\u003dytca","scope":"/","icons":[{"src":"https://www.gstatic.com/youtube/img/branding/favicon/favicon_144x144.png","sizes":"144x144","type":"image/png"},{"src":"https://www.gstatic.com/youtube/img/branding/favicon/favicon_192x192.png","sizes":"192x192","type":"image/png"},{"src":"https://www.gstatic.com/youtube/img/web/monochrome/logo_16x16.png","sizes":"16x16","type":"image/png","purpose":"monochrome"},{"src":"https://www.gstatic.com/youtube/img/web/monochrome/logo_32x32.png","sizes":"32x32","type":"image/png","purpose":"monochrome"},{"src":"https://fonts.gstatic.com/s/i/googlematerialicons/video_youtube/v11/white-48dp/1x/gm_video_youtube_white_48dp.png","sizes":"48x48","type":"image/png","purpose":"monochrome"},{"src":"https://www.gstatic.com/youtube/img/web/monochrome/logo_512x512.png","sizes":"512x512","type":"image/png","purpose":"monochrome"}],"theme_color":"#FF0000"

                                                                                                                                                                                                        Chrome Cache Entry: 1048

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1540
                                                                                                                                                                                                        Entropy (8bit):6.905819523709836
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:gqQc1spq2jNxrFRvPZp5bi9PEI523gDrBsv8wbtArEjWthZCgEryyzCC0OKtGO:gBiWtBFrP2OQHBqLEEjWhnwDCNptGO
                                                                                                                                                                                                        MD5:13543EC4E0E68D652D044DE96447045E
                                                                                                                                                                                                        SHA1:54B5876F33DD1D66E8A2E9A3853075FE10ED109A
                                                                                                                                                                                                        SHA-256:0CE94DFC97907187AEE50218BEFF1AEFE6BDDDB3C5A8A0127023959352AB15D2
                                                                                                                                                                                                        SHA-512:918652C0DAD668F134A62572B7B7B82E09F24B897346AF8DA420DFB63164E44AFCFA68F68975CE4527211F1F9D228C96C9FBC71F682E38855664013695CC728F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/332886603_1978368392556459_5717271390274669910_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=596444&_nc_ohc=urvazcSmK-0AX-3iuWU&_nc_oc=AQnTgXLRQsHcG47go2KaUbaGzkO56M0R-2qSr_lCZsPbTATswx6A7JHpDI_eVIfBqKw&_nc_ht=scontent-lga3-2.xx&oh=00_AfBje6P1GgkxaPR3_THwgZRvijETji8gn8mobUYqkj3jhA&oe=65DAD042
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6e010000e001000074020000b1020000ee0200009e0300003f04000079040000ba040000f904000004060000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."...............................................................................:g0(_k..K.E$.V..).0{c...,......o....H....eS.r..%....|'OMh.'.$...!.............................!4...........T...9+....+B.8....}.-l.M..u..7.^.b...DA....N..B..FW.,.sB......7..v]Y.^.......oZ...4*H.lx..8...... ......................1.. !"#A........?.7.&ttP?/..c1}...T.7........................... .!Aa........?.b..S..k...).......................!1A.. 2Q"Baq.3..........?..Lx1F...-....j52..4.M..r+..p.[......z..../.Y..[.||D.k..K.P/.....]A..t...7l.s..X.o...G.W.2#.Q;^.E.[...zTh%.N..^../c...[.y.....$....................1!qaAQ..... ..........?!K...eHVV!.5...-eX.9M..>...2"..[..F ]+3,...Xm.b.`3..jL.a..Ir..

                                                                                                                                                                                                        Chrome Cache Entry: 1049

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):120
                                                                                                                                                                                                        Entropy (8bit):4.568105614797637
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:bh6G3XWZNDrMyMcbtugSUhdei3XWZNDrMyMcbz1h8FfY:bnXS5JtpnS5JZh8Fw
                                                                                                                                                                                                        MD5:D101838E73B156A21EA1FD94EBCEEB1D
                                                                                                                                                                                                        SHA1:C515B856E4AA0DE6FDAF13536873AFEB0D44D45B
                                                                                                                                                                                                        SHA-256:01E64CF9DF1DBF2FB4BFA333E3B2838272081B0BD396AACF340A56FA9252E15D
                                                                                                                                                                                                        SHA-512:A13AA569E36F3C68585965FDCC5B54454264E9EE7CB1BAE695EDF70F0716EA6D71D3E0060B39074BD1EA0E5AE9946B8A1CDF80E7A52BEE1DC8CF8E8E2FE79324
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSFwkbMnFS9SzlUhIFDYOoWz0SBQ3Fk8QkEhcJsA2cf48--pcSBQ14bxIZEgUNxZPEJBIQCXIJePU8PqV8EgUNvYWDDw==?alt=proto
                                                                                                                                                                                                        Preview:CiIKEw2DqFs9GgQICRgBGgQIVhgCIAEKCw3Fk8QkGgQISxgCCiIKEw14bxIZGgQICRgBGgQIVhgCIAEKCw3Fk8QkGgQISxgCCg8KDQ29hYMPGgYIARABGAM=

                                                                                                                                                                                                        Chrome Cache Entry: 1050

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:C source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):75995
                                                                                                                                                                                                        Entropy (8bit):5.330233242624909
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:r1X8E9coqS/zCct2GhRPXE2IbD71SgUeW7vIUncTUDgNpD5qTqGUMIzA:N8+/zCct2GDPXE2IbD71SgUeW7vIUncs
                                                                                                                                                                                                        MD5:77476E9F4544D16E10921CB9D56067F3
                                                                                                                                                                                                        SHA1:22677D2DF42EEC873802245EC72BBD8B6896F324
                                                                                                                                                                                                        SHA-256:FB9B509D020C4C45AD497DE7C4F7D1B22B4E7DC62339927FBF7E32E227932CB7
                                                                                                                                                                                                        SHA-512:86778E76F67A995D3FD9E4A5A6EDE940F5929A50390D578BD12ABBEEEA8FD94C09C8566C831DD92BB6D13A18ED24CE014416693432DD132207F0972B052C3408
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.licdn.com/sc/h/727ucpfhmn0jolb3t2h3o5dkj
                                                                                                                                                                                                        Preview:var _0x41e7=['platformKey','getNavigatorPlatform','productKey','product','productSubKey','productSub','vendor','vendorSubKey','getDoNotTrack','incognitoKey','RequestFileSystem','webkitRequestFileSystem','TEMPORARY','storage','estimate','quota','safariIncognito','localStorage','setItem','test','Firefox','open','onerror','onsuccess','indexedDB','PointerEvent','MSPointerEvent','IE\x20','match','join','replace','OPR','Opera','splice','canvasKey','isCanvasSupported','getCanvasFp','isWebGlSupported','getWebglFp','javascriptsKey','scripts','locationKey','hash','host','href','origin','signalsKey','getSignals','getAdBlock','getHasLiedLanguages','getHasLiedResolution','getHasLiedOs','hasMinFlashInstalled','fonts','swfPath','loadSwfAndDetectFonts','missing\x20options.fonts.swfPath','flash\x20not\x20installed','swf\x20object\x20not\x20loaded','jsFontsKey','monospace','serif','Andale\x20Mono','Arial','Arial\x20Hebrew','Arial\x20MT','Arial\x20Narrow','Arial\x20Rounded\x20MT\x20Bold','Arial\x20Unicod

                                                                                                                                                                                                        Chrome Cache Entry: 896

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (663)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):3238
                                                                                                                                                                                                        Entropy (8bit):5.387809520815037
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:o7BOsUSmiHXpkgcKmdNQ8jsetptY2PfygpcaNQJpSN9KI9hGKb1iqyBKAErw:oE07udO2F5caNQJwN9KAuezw
                                                                                                                                                                                                        MD5:6B5509EDF491407D765B9248417B3F68
                                                                                                                                                                                                        SHA1:5380993E0C0CFA67982B78BD17E283625EE0E77A
                                                                                                                                                                                                        SHA-256:F9D2DB8058E0E3CCBEA9FEA1551EE4D9ECFDBD010E10A9922B9389CCD2F13F31
                                                                                                                                                                                                        SHA-512:EE9962EA56BE934771649D7157CD7D86933EF07C3813D5C5C962E2D3F5DC53D9F6502D9B2BE24B389E7CB48BF458E8A7E5962BC1FCF283381507724FFCC60989
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ZwDk9d");.var $v=function(a){_.I.call(this,a.Ha)};_.B($v,_.I);$v.Oa=_.I.Oa;$v.Ba=_.I.Ba;$v.prototype.YM=function(a){return _.se(this,{Xa:{eO:_.Hj}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.uh(function(e){window._wjdc=function(f){d(f);e(BDa(f,b,a))}}):BDa(c,b,a)})};var BDa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.eO.YM(c)};.$v.prototype.aa=function(a,b){var c=_.Xra(b).Xg;if(c.startsWith("$")){var d=_.em.get(a);_.Vp[b]&&(d||(d={},_.em.set(a,d)),d[c]=_.Vp[b],delete _.Vp[b],_.Wp--);if(d)if(a=d[c])b=_.re(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.Lq(_.jda,$v);._.l();._.k("SNUn3");._.ADa=new _.qk(_.vf);._.l();._.k("RMhBfe");.var CDa=function(a,b){a=_.rqa(a,b);return 0==a.length?null:a[0].tb},DDa=function(){return Object.values(_.So).reduce(function(a,b){return a+Object.keys(b).length},0)},EDa=function(){return Object.entries(_

                                                                                                                                                                                                        Chrome Cache Entry: 897

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (826)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):8035
                                                                                                                                                                                                        Entropy (8bit):5.326159900569122
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:scBpCBhS6OycT4w9uTEs/tQ7x09fih6axjOrFBh/ZQxKY8X2UBYRMwtRdB:/fEw9uQsamojEFBh/WxhB
                                                                                                                                                                                                        MD5:FDA114F94E54E698B9F2916A3F0046F0
                                                                                                                                                                                                        SHA1:5E14300C2D580CEB721201B14C19A858734EB2D7
                                                                                                                                                                                                        SHA-256:0833BBD2F41E11AD56CAD5E1E52CCDAFB40F3ABB8D71CB3C8B777455DFFEA95A
                                                                                                                                                                                                        SHA-512:008E7B7CD839C1B3BFBBFBEF6A5046BAE979FE95A5400CA45765EB74E94594505BB62C42A4F289B86D2B525919884B8B807A025C6C9E4FF43399829E201913E5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,XiNDcc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,iAskyc,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,ziXSP,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.qLa=_.y("wg1P6b",[_.Dx,_.Gl]);._.k("wg1P6b");.var m0a=function(a,b){b=b||_.Ma;for(var c=0,d=a.length,e;c<d;){var f=c+(d-c>>>1);var g=b(0,a[f]);0<g?c=f+1:(d=f,e=!g)}return e?c:-c-1},n0a=function(a,b){for(;b=b.previousSibling;)if(b==a)return-1;return 1},o0a=function(a,b){var c=a.parentNode;if(c==b)return-1;for(;b.parentNode!=c;)b=b.parentNode;return n0a(b,a)},p0a=function(a,b){if(a==b)return 0;if(a.compareDocumentPosition)return a.compareDocumentPosition(b)&2?1:-1;if(_.zg&&!(9<=Number(_.Gg))){if(9==a.nodeType)return-1;if(9==b.nodeType)return 1}if("sourceIndex"in.a||a.parentNode&&"sourceIndex"in a.parentNode){var c=1==a.nodeType,d=1==b.nodeType;if(c&&d)return a.sourceIndex-b.sourceIndex;var e=a.parentNode,f=b.parentNode;return e==f?n0a(a,b):!c&&_.nh(e,b)?-1*o0a(a,b):!d&&_.nh(f,a)?o0a(b,a):(c?a.sourceIndex:e.sourceIndex)-(d?b.sourceIndex:f.sourceIndex)}d=_.Zg(a);c=d.createRange

                                                                                                                                                                                                        Chrome Cache Entry: 898

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1998)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):164119
                                                                                                                                                                                                        Entropy (8bit):5.620202021115585
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:rvX5Lw5UlDJVZHL08oy6CiEETgDAGXoY7xZSrnCvnxtsmEtn4DtATIcT3PY0AU:rvX5LKUlDJVZHL08oyRiJsD7oYb/sHnh
                                                                                                                                                                                                        MD5:1904AE48D0334CE16D0DE8B2E3975144
                                                                                                                                                                                                        SHA1:9312BE1FC2ADD82B36A058BD6426811CAE3F7546
                                                                                                                                                                                                        SHA-256:27D9ED2AAD0901B3BCCCB194ADD5BFF90048EB8DA5A5DC09FB1514A6182E0866
                                                                                                                                                                                                        SHA-512:4DBADCC2FA29702B8D2FA7C854F116E64FE5B22EC5EC0F7A8F9BBB50D9461096EB5E012D5E1C0D88C14DEC4AD23677EB0EC46C3B9392A8B64608C55DB275891A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/s/desktop/87423d78/jsbin/serviceworker-kevlar-appshell.vflset/serviceworker-kevlar-appshell.js
                                                                                                                                                                                                        Preview:'use strict';var aa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}.var ca=ba(this);function da(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&aa(c,a,{configurable:!0,writable:!0,value:b})}}.function ea(a){function b(d){return a.next(d)}.function c(d){return a.throw(d)}.return new Promise(function(d,e){function f(g){g.done?d(g.value):Promise.resolve(g.value).then(b,c).then(f,e)}.f(a.next())})}.function r(a){return ea(a())}.function fa(a,b){a instanceof String&&(a+="");var c=0,d=!1,e={next:function(){if(!d&&c<a.length){

                                                                                                                                                                                                        Chrome Cache Entry: 899

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (693)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):3141
                                                                                                                                                                                                        Entropy (8bit):5.380930987100955
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:o7q1Ts7jmeKKdOwa4hwOC6h1EITxEy5tcIw:q8WjmeKKJa4hg6h11Tf5tcd
                                                                                                                                                                                                        MD5:AB04042429D64EA6BA820C136C2DF43E
                                                                                                                                                                                                        SHA1:E30BF6C551D02090DE2829BAEEF1805016ACA449
                                                                                                                                                                                                        SHA-256:D0E2933E6B6DA81941C5247121015BA4E6F74E90006164F4F9F91C54ACDFEF94
                                                                                                                                                                                                        SHA-512:0AA65DA8053D468B25A6DEEC5CE5D130622BA604AD7E128A913E3C7D89E91961CCA56CEC4F45B2DF34E8A70933C1ACEBF4049208C1B529A4C3EEA12657784D81
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kw=function(a){_.I.call(this,a.Ha)};_.A(kw,_.I);kw.Na=_.I.Na;kw.Ba=_.I.Ba;kw.prototype.RM=function(a){return _.We(this,{Xa:{ZN:_.ek}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.Wh(function(e){window._wjdc=function(f){d(f);e(DDa(f,b,a))}}):DDa(c,b,a)})};var DDa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.ZN.RM(c)};.kw.prototype.aa=function(a,b){var c=_.osa(b).ii;if(c.startsWith("$")){var d=_.Cm.get(a);_.sq[b]&&(d||(d={},_.Cm.set(a,d)),d[c]=_.sq[b],delete _.sq[b],_.tq--);if(d)if(a=d[c])b=_.Ve(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.ir(_.Qca,kw);._.l();._.k("SNUn3");._.CDa=new _.Vk(_.Vf);._.l();._.k("RMhBfe");.var EDa=function(a,b){a=_.Hqa(a,b);return 0==a.length?null:a[0].tb},FDa=function(){return Object.values(_.pp).reduce(function(a,b){return a+Object.keys(b).length},0)},GDa=function(){return Object.entries(_

                                                                                                                                                                                                        Chrome Cache Entry: 900

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1011), with no line terminators
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1011
                                                                                                                                                                                                        Entropy (8bit):4.958228722086236
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:WybE3QpQgbgbGNKOkhOXO6FOXOWOvOOpx+FUDx+W:WybEgpQgbgbGNNlOOpx4UDx+W
                                                                                                                                                                                                        MD5:5306F13DFCF04955ED3E79FF5A92581E
                                                                                                                                                                                                        SHA1:4A8927D91617923F9C9F6BCC1976BF43665CB553
                                                                                                                                                                                                        SHA-256:6305C2A6825AF37F17057FD4DCB3A70790CC90D0D8F51128430883829385F7CC
                                                                                                                                                                                                        SHA-512:E91ECD1F7E14FF13035DD6E76DFA4FA58AF69D98E007E2A0D52BFF80D669D33BEB5FAFEFE06254CBC6DD6713B4C7F79C824F641CB704142E031C68ECCB3EFED3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/s/desktop/87423d78/cssbin/www-onepick.css
                                                                                                                                                                                                        Preview:.picker-frame{width:100%;height:100%;border:0;overflow:hidden}.picker.modal-dialog-bg{position:absolute;top:0;left:0;background-color:#fff}.picker.modal-dialog{position:absolute;top:0;left:0;background-color:#fff;border:1px solid #acacac;width:auto;padding:0;z-index:1001;overflow:auto;-moz-box-shadow:rgba(0,0,0,.2) 0 4px 16px;-webkit-box-shadow:rgba(0,0,0,.2) 0 4px 16px;-webkit-box-shadow:rgba(0,0,0,.2) 0 4px 16px;-moz-box-shadow:rgba(0,0,0,.2) 0 4px 16px;box-shadow:rgba(0,0,0,.2) 0 4px 16px;-webkit-transition:top .5s ease-in-out;-moz-transition:top .5s ease-in-out;-o-transition:top .5s ease-in-out;-webkit-transition:top .5s ease-in-out;-o-transition:top .5s ease-in-out;transition:top .5s ease-in-out}.picker-min{position:absolute;z-index:1002}.picker.modal-dialog-content{font-size:0;padding:0}.picker.modal-dialog-title{height:0;margin:0}.picker.modal-dialog-title-text,.picker.modal-dialog-buttons{display:none}.picker.modal-dialog-bg,.picker.modal-dialog.picker-dialog{z-index:1999999999

                                                                                                                                                                                                        Chrome Cache Entry: 901

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1689
                                                                                                                                                                                                        Entropy (8bit):7.081380744123798
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:gqFyTCzEc1sp5HFJnFjsIznaoe/VZG7oGooWVuGzgjCHTTtbi9HbqT0MEbBI:grliW5FjPzVePFGoguzRbAm5Eba
                                                                                                                                                                                                        MD5:68EC4DF59B099D49207CAAAAE981BB28
                                                                                                                                                                                                        SHA1:5124E92BD1E9247F52B5C15FFB0DC0CD63284999
                                                                                                                                                                                                        SHA-256:250F63B7F3CA6D1196DA6E1A70C4C3CC56D96EE745F3EA58191153E7E7F7DB72
                                                                                                                                                                                                        SHA-512:67D47547B206B8F7A13198D16DEA6D2CCA5D76C273FA6319954FA124883A8DE75A8802C572CA2D64FFF7D9142592F015A344DECE84E6DC056F99DFABF161EE83
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/415299125_7767398563275036_1518467408889713519_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=11e7ab&_nc_ohc=09sSTUEThuUAX8yhNV0&_nc_ht=scontent-lga3-2.xx&oh=00_AfBRR2HEdEIX-S4xZUIebAkTPK3cs5vk8-ZQPr7FGwxJuQ&oe=65DA1E38
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6e010000e101000079020000bd02000014030000d10300008f040000cc040000190500006705000099060000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."...............................................................................:../..N.f..>...;.O.V......M\X4.V}..X..1.4h...,+7s..F].;{........!.............................1 ...........{..+b.W...<1e...5.:..\.ip>.&Ze..........SDy.Gf.'.5....2'..lig....*.vf.;,GN.....n..R...c.5..d.........|.>............................. !"2........?.j..6".;..hP.}...)x........!......................!..1"2R..........?...........\e...H[L...|[T.#K.N....(.......................1!2A.".. Qbq#a.........?..8.bS.x. r...`.8ZK.(...8.Z.xvT.%.;.._OZ....t..J..d..S ..qs.n[.y....0...._...k;........M.[L.w?k.n...P.3...#...i....>...-.n..9..@:6i.....y.G...#....................!1AQa..q.............?!Q\...&EX...q[

                                                                                                                                                                                                        Chrome Cache Entry: 902

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):42
                                                                                                                                                                                                        Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                        MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                        SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                        SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                        SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.google.com/pagead/lvz?evtid=ACd6KtwVH_7j_4DtynjuRdBkYKJCDcRg91RDnNRDRKktaQ3xb69NYkzgbXVPquCu66qRSYAwkywPDa2-02exK0gihuh7d0-iWg&req_ts=1708529068&pg=MainAppBootstrap%3AHome&az=1&sigh=AB9vU43lrUj2hLfVVwuD13dRMfngRqRJbw
                                                                                                                                                                                                        Preview:GIF89a.............!.......,...........D.;

                                                                                                                                                                                                        Chrome Cache Entry: 903

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65405)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):8645939
                                                                                                                                                                                                        Entropy (8bit):5.617857652883011
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:49152:YSxZhSxBqluGy/pk/VfZ3q++vIkrF+141ZG1nXixF5ikTbaX3cmQAe/otm/H73do:QM3IIkxxFAkcdTob9LU
                                                                                                                                                                                                        MD5:69998E173B8C146479488BD8D7FBFAB3
                                                                                                                                                                                                        SHA1:D343051522769F5C16586F6A67E045D830433597
                                                                                                                                                                                                        SHA-256:CC3EEB6E34A2DB5A5B28937DA61F6EB2BB56B0DD2EB1E26D0EDF2F97450C41F2
                                                                                                                                                                                                        SHA-512:9C37EF552BEC6E3D0133AD1A38CA422F2BC35AA0361215AD73D6244B8087761859F7F02202F2E119AA260DFF60941CAA48A3A818693952E2290408B1342CD979
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/s/desktop/87423d78/jsbin/desktop_polymer.vflset/desktop_polymer.js
                                                                                                                                                                                                        Preview:(function(){./* HTML content inlined from HTML import */.const d=document.createElement("div");.d.setAttribute("inlined-html","");.const finalStyleText="html:not(.style-scope) {\n --primary-text-color: var(--light-theme-text-color);\n --primary-background-color: var(--light-theme-background-color);\n --secondary-text-color: var(--light-theme-secondary-color);\n --disabled-text-color: var(--light-theme-disabled-color);\n --divider-color: var(--light-theme-divider-color);\n --error-color: #dd2c00;\n --primary-color: #3f51b5;\n --light-primary-color: #c5cae9;\n --dark-primary-color: #303f9f;\n --accent-color: #ff4081;\n --light-accent-color: #ff80ab;\n --dark-accent-color: #f50057;\n --light-theme-background-color: #fff;\n --light-theme-base-color: #000;\n --light-theme-text-color: #212121;\n --light-theme-secondary-color: #737373;\n --light-theme-disabled-color: #9b9b9b;\n --light-theme-divider-color: #dbdbdb;\n --dark-theme-background-color: #212121;\n --dark-theme-b

                                                                                                                                                                                                        Chrome Cache Entry: 905

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1590
                                                                                                                                                                                                        Entropy (8bit):7.005174874867761
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:gqS7XKfNvKxc1spKOfFNZYejkva+UY0gduWsqC9firn+cg4sQjlWQuh3TwWmZ5RA:gXXKfyiWKODXoPUsai+cVsQjf+bmNrE1
                                                                                                                                                                                                        MD5:2452B9B7D9C429B903720C0A0104E1C9
                                                                                                                                                                                                        SHA1:4A38C9D9F1504CC698C75552ACF1517B3507A660
                                                                                                                                                                                                        SHA-256:D2B89711C4FCAD30F4962885554F4FFE7E8AF5B2CE5A210E99E5B0F2287F8CDB
                                                                                                                                                                                                        SHA-512:2E8C29B7ABC8321FE806E4528C27C8647E12FA23EB22F0A82419AB873CA68053AF8EDD9CAC594103B23F7D8983AE99F241417CB627ACD8EEC9AF9C677868B787
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/374644118_826463269082981_4004764380981927745_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=596444&_nc_ohc=KL-c3PjlWuAAX-UDJon&_nc_ht=scontent-lga3-2.xx&oh=00_AfCzbLBetT_Y4p_Badhkeg_KqjdF4D-vuzmq-laDUT5aog&oe=65DA42B6
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6a010000d30100007a0200009b020000d1020000ad03000075040000a5040000c6040000f604000036060000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2..".............................................................................m....T.S...Z.W.....%8F8..9...~2....<.. +.{..0....#............................!"#14............HPh..t8rK5F..$..I.k.2.D....V....F..,*}K...Y.....(A.(f:8."..L....sY..1z...m{D.u..dR.B.t..c%.".#...}q...Z..>.n..u...y...l.O.~(....w......................@........?.......................@........?.....).......................!1..."AQa 2qrB..........?...#PV....5./5.iys.E.7..4....,..8.....>.....rc...c.dO....;..)....~..E0....\....k....;..S......Z..j......$..\....c..S.w...JN.O..@.w. hTly.Q..(.....fn..a.oK.......O...."....................!1AQa....q..........?!.....0s.o..#.5......`z ..!5.&l...S....g ..K<.

                                                                                                                                                                                                        Chrome Cache Entry: 906

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2360)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):218410
                                                                                                                                                                                                        Entropy (8bit):5.4575963182002
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:+mgr4xMzGg6HZWP0A7kNA5mz6iE80+7x6oSdw4nhPaJRCdae4pl:BgM6qgHP17oV7xBCAeKl
                                                                                                                                                                                                        MD5:B272CF1E84669C7B811CCC5BAE20A927
                                                                                                                                                                                                        SHA1:2F7E34C107EE1BFBB259CF9DD59A78BF37F79B9C
                                                                                                                                                                                                        SHA-256:28CC67C2528066E543A8E2C8716148503E98B1987536CEAC3F1B9DA5043B7038
                                                                                                                                                                                                        SHA-512:D29FD72E2B6774BB3CA2B423A1D09058057FC2F5494AAE740B0EF6EDD1A9FF9C5542B899E7379DCF8B3499643276D39724BB2CCFD0B029C30710451F02543C37
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlF3Cfl7IHjwI9Q-7RaWlqzKEDZ7Xw/m=_b,_tp"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){("undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x1689603f, 0x1040058e, 0x27396998, 0x1c9c67bf, 0x18, 0x0, 0x1ac000, 0x3b, ]);./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2013 Google LLC.. SPDX-License-Identifier: Apache-2.0.*/.var baa,daa,Ra,haa,Za,bb,cb,db,eb,iaa,fb,lb,jaa,kaa,pb,naa,paa,Eb,qaa,taa,vaa,Pb,Sb,zaa,Zb,Daa,Haa,Iaa,mc,Jaa,Maa,Naa,Paa,Qaa,Raa,Saa,Wc,Vaa,Uaa,Waa,dd,bd,Xaa,ed,Zaa,hd,nd,$aa,aba,xd,wd,gd,Sd,hba,jba,kba,lba,nba,oba,Od,qe,re,Ae,Eba,Ne,Gba,Oe,Hba,Jba,Lba,Pba,Qba,Rba,Sba,Vba,Xba,aca,bca,fca,pca,lca,rca,tca,uca,vca,yca,Aca,Dca,Eca,Fca,Gca,Hca,Kca,Nf,Lca,Mca,Oca,Sca,Tca,aaa,Uca,ag,Vca,cg,Wca,Xca,fg,Zca,hg,fda,jda,ida,qg,lda;_.aa=function(a){retu

                                                                                                                                                                                                        Chrome Cache Entry: 907

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):15744
                                                                                                                                                                                                        Entropy (8bit):7.986588355476176
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:z1TLklSElcS5V6qQTMUP07JwirW6RlLwK79/:p7EJ5E2bJwi5jLwK79/
                                                                                                                                                                                                        MD5:15D9F621C3BD1599F0169DCF0BD5E63E
                                                                                                                                                                                                        SHA1:7CA9C5967F3BB8BFFEAB24B639B49C1E7D03FA52
                                                                                                                                                                                                        SHA-256:F6734F8177112C0839B961F96D813FCB189D81B60E96C33278C1983B6F419615
                                                                                                                                                                                                        SHA-512:D35A47162FC160CD5F806C3BB7FEB50EC96FDFC81753660EAD22EF33F89BE6B1BFD63D1135F6B479D35C2E9D30F2360FFC8819EFCA672270E230635BCB206C82
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
                                                                                                                                                                                                        Preview:wOF2......=........t..=..........................d..d..^.`.. .T..<.....|..{........6.$.... ..t. ..I.3.%.....8..&....4Z.|t .8.........D...$.uNE.P.E.Ak...=.x.9Xz.`.I..R....#F+B`..}.RP|E...Z\.W[.............C...QB....m...cm.?.F.g.......Q....3......p...L2.[......!+@U..^~.......D.?.......j...U...c..U.l.6{...m.CD].h.t.....Q8.....@P...L.c.....+...ZD..2.K...:..4{g..:..~....v......<..H^.R.'....8....?.;...uy.VW..8=.".F..*.....@E....c....=..Ib.....y8$.a){.......KiIW.&..~.}..1..w.M..{.4......!..{..F.H.5#K...t..5.w...ve;. '......NJ......'(%;...?...D...M.Cq,<.=?.f......._...V..bA.(..37..v....+.uY.C.b.w8AF..3.n.-..'..U%.2....o.l."...^bj..aoF.!`....A....j...'.:Z.u...[..p.GW:U%.Ejq...:I...C........S.C...sJe.6D...<.UM,..&h..z}.y|..9...D..j...n..B.$..T....?../.Q..=B...C._.f.#.:Bo.@]T.(..v..F..+d...". ......R..R..R....!..~A....X............>!`p..,08. 9.../.....r..Q.......Qpg.\ko...C..3..Y.y..t'.d9..>#|..3..?.#..$....i........g5.z....S....{3..Sp..S2..w.6........

                                                                                                                                                                                                        Chrome Cache Entry: 908

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):63609
                                                                                                                                                                                                        Entropy (8bit):7.980544709418768
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:X013aBTlpfKeJlJ84LzqCitGcHvLMGLVx/HItrpoRQedyOIaKRTW:i34THfKeDt8lHvLDHAt9oRbd9KRTW
                                                                                                                                                                                                        MD5:787ED5B25817C29DB48F0DB3E1A0805F
                                                                                                                                                                                                        SHA1:3EA5DCB53860DC4EFC560D9A1B0049583EA79A19
                                                                                                                                                                                                        SHA-256:E9B3ABA7DE31D464C23F035C776237D6DFCE057AFA937D78AEA43C298B501E98
                                                                                                                                                                                                        SHA-512:9445C365B44EB1D989B4D3295CED154F3759016DE626AD29B8E72027D35CE231F0F92BEA6CEC10D01632CC9A2FD100DB2E1D663D430B095A5B8B2632219D6633
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/426089272_1655283868339589_1498011200279229076_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=VGxdHL5q_voAX9Aj9If&_nc_ht=scontent-lga3-2.xx&oh=00_AfDYYJ0Ydsg8odcNkcmaxkYmo0nq6o7uGcIOIN4cSHh0LQ&oe=65DAF262
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a700100008c1e0000a244000039470000e34900004f5d0000738f0000a3950000c59a00003ca0000079f80000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."...............................................................................)..d..........<58,.....".).Z...6..S.7...:.l..TB..<.VY.$Ab..rV....|.E^'..3..t..n...s..{.-IR....k...T..E.Z..H....O.i.`...L....Z[.IiI...n....aZ....C.Y.....SN<..8d.x..}.!.<..a...whX.*&R@...V..kU.n.....K..u].......k......IZ........f...E...7..,of.^k.$...]s.v.3.l..T7.`.R.V..f..Z79..E..%[.R...Z.k..I..T.>p......=."...... 0q..&...tpGY....b....*..........lR.F...K..+...s..f....-w<.....c...V..................O...ks?O&.....N.J....1|..G;.DI.N#...d."c..I.-`P.R.z....N.$....f...9.2B.@.u.l.T..0..g..y.....>3........S>.b).......KS...#.jd..V.&..\mx)5.....i....jO_.Y..ga$...l.$'g...Z.b.'......7qw

                                                                                                                                                                                                        Chrome Cache Entry: 909

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (467)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1883
                                                                                                                                                                                                        Entropy (8bit):5.270984374425825
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:o7eM8KL3AiFxglr7iO7S6fg35rCyRWsRhdrw:opL3FxeT7SMJARhBw
                                                                                                                                                                                                        MD5:434730EECF5430D42D426FFF04E3751F
                                                                                                                                                                                                        SHA1:E6DC1BBDFCCB76D1F45789C0B55E4F9E5725B677
                                                                                                                                                                                                        SHA-256:1BFAD0A3BD2AE9BE050D4A66CE800B030E5E33B6048D14FBECF0501A5728E2E9
                                                                                                                                                                                                        SHA-512:F68561DF1AF16BE78F48EFA58D836C33246FF8C8ABDE323C9F2217797E027DC99A699ED3856252A0ACEBC601177B78C264F400B56C52B48B500B07BDE76F964E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("iAskyc");._.gY=function(a){_.I.call(this,a.Ha);this.window=a.Ea.window.get();this.Fc=a.Ea.Fc};_.B(_.gY,_.I);_.gY.Oa=_.I.Oa;_.gY.Ba=function(){return{Ea:{window:_.Oq,Fc:_.uC}}};_.gY.prototype.Cn=function(){};_.gY.prototype.addEncryptionRecoveryMethod=function(){};_.hY=function(a){return(null==a?void 0:a.Yp)||function(){}};_.iY=function(a){return(null==a?void 0:a.rca)||function(){}};_.jY=function(a){return(null==a?void 0:a.Zp)||function(){}};._.izb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.kY=function(a){setTimeout(function(){throw a;},0)};_.gY.prototype.fJ=function(){return!0};_.Lq(_.El,_.gY);._.l();._.k("ziXSP");.var IY=function(a){_.gY.call(this,a.Ha)};_.B(IY,_.gY);IY.Oa=_.gY.Oa;IY.Ba=_.gY.Ba;IY.prototype.Cn=function(a,b,c){var d;i

                                                                                                                                                                                                        Chrome Cache Entry: 910

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (5311), with no line terminators
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):5311
                                                                                                                                                                                                        Entropy (8bit):4.950469424497734
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:B2cQbeDaksUebwlobsiJtKDUCbO/7p3uyFu7BtumruJbubbugWHxdXW:XOkAxMHwC/
                                                                                                                                                                                                        MD5:81B422570A4D648C0517811DFEB3273D
                                                                                                                                                                                                        SHA1:C150029BF8CEBFC30E3698AE2631A6796A77ECF1
                                                                                                                                                                                                        SHA-256:3C8B38D9B8A3301C106230E05BEEEDBCD28B12681F22FD9B09AF9E52DC08635D
                                                                                                                                                                                                        SHA-512:1D4966A88D7CF6BE31B8F53547A12DB92CABB4C05176ABE995C75C8889765EC68B7210C3BE75F60954CEB2938412FBDEB94D4D25DDC927F3A89ECA76A84A9EBC
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/s/desktop/87423d78/cssbin/www-main-desktop-watch-page-skeleton.css
                                                                                                                                                                                                        Preview:#watch-page-skeleton{position:relative;z-index:1;margin:0 auto}#watch-page-skeleton,#watch-page-skeleton #info-container,#watch-page-skeleton #related{-webkit-box-sizing:border-box;box-sizing:border-box}.watch-skeleton .text-shell{height:20px;border-radius:8px}.watch-skeleton .skeleton-bg-color{background-color:hsl(0,0%,89%)}.watch-skeleton .skeleton-light-border-bottom{border-bottom:1px solid hsl(0,0%,93.3%)}html[dark] .watch-skeleton .skeleton-bg-color{background-color:hsl(0,0%,16%)}html[dark] .watch-skeleton .skeleton-light-border-bottom{border-bottom:1px solid hsla(0,100%,100%,.08)}.watch-skeleton .flex-1{-webkit-box-flex:1;-webkit-flex:1;flex:1;-webkit-flex-basis:0.000000001px;flex-basis:0.000000001px}.watch-skeleton #primary-info{height:64px;padding:20px 0 8px 0}.watch-skeleton #primary-info #title{width:400px;margin-bottom:12px}.watch-skeleton #primary-info #info{display:-webkit-box;display:-webkit-flex;display:flex;-webkit-box-orient:horizontal;-webkit-box-direction:normal;-web

                                                                                                                                                                                                        Chrome Cache Entry: 911

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):749
                                                                                                                                                                                                        Entropy (8bit):4.70368920713592
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:t4nolW84qhebl8cP5UbKEBnStLJdJad+DB3xELFkXUIx+RWuSrtUjAC9ZiCWInLE:t4olS+2x5UbKrTJ9DA0YWrrmWCFzfIvB
                                                                                                                                                                                                        MD5:AA920B32443219E3EDFA32DEF5EBD457
                                                                                                                                                                                                        SHA1:8A4B47D0A2CA261803AA5C1A9DDE7BA3FE15B298
                                                                                                                                                                                                        SHA-256:E5773339E56DD15D8DAAB94CE6ED5D444D1EF0B61355E20854234605BB2E755B
                                                                                                                                                                                                        SHA-512:C45BDB233447E1F4D3B4B5174A328E3D8987C9B5E2E12733E5027173B0302919680901C311094714CFC32AC2F2C749DC9EB95FFCAA8F5DA1E5EBEF3FB7225E37
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
                                                                                                                                                                                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" height="36" viewBox="0 0 36 36" width="36"><path d="M34.32 18.39c0-1.17-.11-2.3-.29-3.39H18v6.48h9.4c-.38 2.19-1.59 4.05-3.42 5.31v4.1h5.28c3.2-2.97 5.06-7.33 5.06-12.5z" fill="#4285F4"/><path d="M18 35c4.59 0 8.44-1.52 11.25-4.12l-5.28-4.1c-1.57 1.08-3.59 1.71-5.97 1.71-4.51 0-8.33-3.02-9.73-7.11H2.82v4.23C5.62 31.18 11.36 35 18 35z" fill="#34A853"/><path d="M8.27 21.39c-.36-1.07-.57-2.21-.57-3.39s.21-2.32.58-3.39v-4.23H2.82C1.67 12.67 1 15.25 1 18s.67 5.33 1.82 7.63l5.45-4.24z" fill="#FBBC05"/><path d="M18 7.5c2.56 0 4.86.88 6.67 2.61l.01.02 4.7-4.7C26.43 2.68 22.59 1 18 1 11.36 1 5.62 4.82 2.82 10.37l5.45 4.23c1.4-4.08 5.22-7.1 9.73-7.1z" fill="#EA4335"/><path d="M1 1h34v34H1z" fill="none"/></svg>

                                                                                                                                                                                                        Chrome Cache Entry: 912

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):279627
                                                                                                                                                                                                        Entropy (8bit):5.151957894348034
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:c2hPacZGzlBAgyxOmwn135UAcRCHgK0icNaQeUTUdDYubFryHgjKbntICUR:N83tMSC4
                                                                                                                                                                                                        MD5:67415238A0ED99286F8261E4A6CDFBE5
                                                                                                                                                                                                        SHA1:86EBB0BBD60D8D6BBDC80AA60BC809F17FA9F6D3
                                                                                                                                                                                                        SHA-256:7C3190461704D64CB2FB3BBE447902518DCC8A93536E10B7D3475B8ECB836152
                                                                                                                                                                                                        SHA-512:01B036685AFA19E0EE5299A6076C76384A18493345E8EF887CBE2B07B3C79B44F1AA3615918807C6BAA876263A5201D4A36195ACCFFA555F6B3F42503EBE6C7A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.licdn.com/sc/h/642e1qh28prue1yv3o1kqf3z9
                                                                                                                                                                                                        Preview:li-icon[type="linkedin-bug"] .background{fill:#000000}li-icon[type="linkedin-bug"][color="brand"] .background{fill:#0077B5}li-icon[type="linkedin-bug"][color="inverse"] .background{fill:#ffffff}li-icon[type="linkedin-bug"][color="premium"] .background{fill:#AF9B62}.artdeco-premium-bug-variant li-icon[type="linkedin-bug"][color="premium"] .background{fill:#EFB920}li-icon[type="linkedin-bug"] .bug-text-color{display:none}li-icon[type="linkedin-bug"][color] .bug-text-color{display:block}li-icon[type="linkedin-bug"][color="inverse"] .bug-text-color{display:none}li-icon[type="linkedin-bug"][size="14dp"]{width:14px;height:14px}li-icon[type="linkedin-bug"][size="21dp"]{width:21px;height:21px}li-icon[type="linkedin-bug"][size="28dp"]{width:28px;height:28px}li-icon[type="linkedin-bug"][size="34dp"]{width:34px;height:34px}li-icon[type="linkedin-bug"][size="40dp"]{width:40px;height:40px}li-icon[type="linkedin-bug"][size="48dp"]{width:48px;height:48px}li-icon[type="linkedin-bug"] svg{width:100%;he

                                                                                                                                                                                                        Chrome Cache Entry: 913

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (776)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1480
                                                                                                                                                                                                        Entropy (8bit):5.279840507577888
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:kMYD7xsu0wxppCqraNxRY4IB/HTl93myNP9GiGXdBlLJFSphGb5UGbAiHOzZrprw:o7x50+poFW1l9msc9jV0hGb5UGbPYZt8
                                                                                                                                                                                                        MD5:7DD1B813E20B2FBD52896F41087B3FBF
                                                                                                                                                                                                        SHA1:E89C53F5F3140442915A1C4DFCF71B82C8D49B67
                                                                                                                                                                                                        SHA-256:D0E1605C9406F26D1A88F26E625D34F1D313EDCE5EB538294666F80918FE2CB5
                                                                                                                                                                                                        SHA-512:54E90848539C99015510E1E56ACC0379281B8F413B1EBF6DA39F631BFC8DC5F0F9BA1E7324206A807AD478798C370560F0ED2F3289988946C69C774AD575578A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=bm51tf"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("kMFpHd");._.gUa=new _.Vk(_.ql);._.l();._.k("bm51tf");.var jUa=!!(_.qda[0]>>18&1);var lUa=function(a,b,c,d,e){this.ea=a;this.ta=b;this.ja=c;this.Ca=d;this.Fa=e;this.aa=0;this.da=kUa(this)},mUa=function(a){var b={};_.Ma(a.pN(),function(e){b[e]=!0});var c=a.cN(),d=a.iN();return new lUa(a.WJ(),1E3*c.aa(),a.wM(),1E3*d.aa(),b)},kUa=function(a){return Math.random()*Math.min(a.ta*Math.pow(a.ja,a.aa),a.Ca)},gE=function(a,b){return a.aa>=a.ea?!1:null!=b?!!a.Fa[b]:!0};var hE=function(a){_.I.call(this,a.Ha);this.Cc=null;this.ea=a.Ea.oQ;this.ja=a.Ea.metadata;a=a.Ea.A$;this.da=a.ea.bind(a)};_.A(hE,_.I);hE.Na=_.I.Na;hE.Ba=function(){return{Ea:{oQ:_.hUa,metadata:_.gUa,A$:_.aUa}}};hE.prototype.aa=function(a,b){if(1!=this.ja.getType(a.Dd()))return _.Bl(a);var c=this.ea.aa;return(c=c?mUa(c):null)&&gE(c)?_.Vsa(a,nUa(this,a,b,c)):_.Bl(a)};.var nUa=function(a,b,c,d){return c.then(function(e){

                                                                                                                                                                                                        Chrome Cache Entry: 914

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:HTML document, ASCII text, with very long lines (682)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):4122
                                                                                                                                                                                                        Entropy (8bit):5.348985455814463
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:GMDtMOpEUNbTE6pL/u07Ub3XOy7RyVUBwzPBjw:qO2Urpbr7UrOy7Rp5
                                                                                                                                                                                                        MD5:0F50F70B3A1D045918CFCB3A2BE38AEE
                                                                                                                                                                                                        SHA1:085CCE0E6756C59626AB275CA8C3A5BF0FF17D35
                                                                                                                                                                                                        SHA-256:A4FD738A28E35B448CDA012F5DA8F5DD26D715FE5CA801B250AC19211700BE7C
                                                                                                                                                                                                        SHA-512:8F0B882C1895DE3D349A3C799C17625F52C60C2EE7CCB56BBDA7E252393677506775648C0DD3AE002C7FF692FDBB77E9E9648FF530630816D1DEE27E1B93AC82
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJhmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFQ8tmzv79x_nJGIapLTY1tp-HlWA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=NTMZac,sOXFj,q0xTif,ZZ4WUe"
                                                                                                                                                                                                        Preview:"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.Uf(_.mna);._.k("sOXFj");.var or=function(a){_.I.call(this,a.Ha)};_.A(or,_.I);or.Na=_.I.Na;or.Ba=_.I.Ba;or.prototype.aa=function(a){return a()};_.ir(_.lna,or);._.l();._.k("oGtAuc");._.Zsa=new _.Vk(_.mna);._.l();._.k("q0xTif");.var Zta=function(a){var b=function(d){_.zm(d)&&(_.zm(d).uc=null,_.Cr(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Or=function(a){_.Mp.call(this,a.Ha);this.Ra=this.dom=null;if(this.di()){var b=_.Xk(this.Bf(),[_.ul,_.tl]);b=_.bi([b[_.ul],b[_.tl]]).then(function(c){this.Ra=c[0];this.dom=c[1]},null,this);_.ar(this,b)}this.Ma=a.lh.Q7};_.A(Or,_.Mp);Or.Ba=function(){return{lh:{Q7:function(){return _.Kf(this)}}}};Or.prototype.getContext=function(a){return this.Ma.getContext(a)};.Or.prototype.getData=function(a){return this.Ma.getData(a)};Or.protot

                                                                                                                                                                                                        Chrome Cache Entry: 915

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:PNG image data, 10 x 10, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):79
                                                                                                                                                                                                        Entropy (8bit):4.71696959175789
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:yionv//thPlH1tnt/tAhHGZscm1olkqCwbp:6v/lhP6hHDcZCYp
                                                                                                                                                                                                        MD5:8DC258A49B60FAE051E9A7CE11AD05CF
                                                                                                                                                                                                        SHA1:DAFEF280663F4205FC7F0E47799E9945E6A68D6D
                                                                                                                                                                                                        SHA-256:C8CAED93847AFFC154CB3D424E34FC146E7340BB29ABEBD5EBA7063E3DCA0604
                                                                                                                                                                                                        SHA-512:5F11ED60D79A80EF7CCEFFA907CD55F31D8DB19BD2A7F4C2650C62A355C5071C5FB61DA1EB0A2071CE22ECDC35C0D12F51E4D13AAC3B0FDB95ED4629815B5AFB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent.xx.fbcdn.net/hads-ak-prn2/1487645_6012475414660_1439393861_n.png
                                                                                                                                                                                                        Preview:.PNG........IHDR..............PX.....IDAT.Wc...0a.!..)....A,....Zl....IEND.B`.

                                                                                                                                                                                                        Chrome Cache Entry: 916

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (693)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):3141
                                                                                                                                                                                                        Entropy (8bit):5.380930987100955
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:o7q1Ts7jmeKKdOwa4hwOC6h1EITxEy5tcIw:q8WjmeKKJa4hg6h11Tf5tcd
                                                                                                                                                                                                        MD5:AB04042429D64EA6BA820C136C2DF43E
                                                                                                                                                                                                        SHA1:E30BF6C551D02090DE2829BAEEF1805016ACA449
                                                                                                                                                                                                        SHA-256:D0E2933E6B6DA81941C5247121015BA4E6F74E90006164F4F9F91C54ACDFEF94
                                                                                                                                                                                                        SHA-512:0AA65DA8053D468B25A6DEEC5CE5D130622BA604AD7E128A913E3C7D89E91961CCA56CEC4F45B2DF34E8A70933C1ACEBF4049208C1B529A4C3EEA12657784D81
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJhmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFQ8tmzv79x_nJGIapLTY1tp-HlWA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kw=function(a){_.I.call(this,a.Ha)};_.A(kw,_.I);kw.Na=_.I.Na;kw.Ba=_.I.Ba;kw.prototype.RM=function(a){return _.We(this,{Xa:{ZN:_.ek}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.Wh(function(e){window._wjdc=function(f){d(f);e(DDa(f,b,a))}}):DDa(c,b,a)})};var DDa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.ZN.RM(c)};.kw.prototype.aa=function(a,b){var c=_.osa(b).ii;if(c.startsWith("$")){var d=_.Cm.get(a);_.sq[b]&&(d||(d={},_.Cm.set(a,d)),d[c]=_.sq[b],delete _.sq[b],_.tq--);if(d)if(a=d[c])b=_.Ve(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.ir(_.Qca,kw);._.l();._.k("SNUn3");._.CDa=new _.Vk(_.Vf);._.l();._.k("RMhBfe");.var EDa=function(a,b){a=_.Hqa(a,b);return 0==a.length?null:a[0].tb},FDa=function(){return Object.values(_.pp).reduce(function(a,b){return a+Object.keys(b).length},0)},GDa=function(){return Object.entries(_

                                                                                                                                                                                                        Chrome Cache Entry: 917

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (715)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):50702
                                                                                                                                                                                                        Entropy (8bit):5.373070303650078
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:Ifd/sRuiALPAavkj70bI5D4nDltOC2B7F:IfdURZGvkjob44J8F
                                                                                                                                                                                                        MD5:44CA3D8FD5FF91ED90D1A2AB099EF91E
                                                                                                                                                                                                        SHA1:79B76340CA0781FD98AA5B8FDCA9496665810195
                                                                                                                                                                                                        SHA-256:C12E3AC9660AE5DE2D775A8C52E22610FFF7A651FA069CFA8F64675A7B0A6415
                                                                                                                                                                                                        SHA-512:A5CE9D846FB4C43A078D364974B22C18A504CDBF2DA3D36C689D450A5DC7D0BE156A29E11DF301FF7E187B831E14A6E5B037AAD22F00C03280EE1AD1E829DAC8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/s/desktop/87423d78/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js
                                                                                                                                                                                                        Preview:/*.. Copyright 2014 Google Inc. All rights reserved... Licensed under the Apache License, Version 2.0 (the "License");. you may not use this file except in compliance with the License.. You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0.. Unless required by applicable law or agreed to in writing, software. distributed under the License is distributed on an "AS IS" BASIS,. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. See the License for the specific language governing permissions and. limitations under the License... Copyright 2016 Google Inc. All rights reserved... Licensed under the Apache License, Version 2.0 (the "License");. you may not use this file except in compliance with the License.. You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0.. Unless required by applicable law or agreed to in writing, software. distributed under the License is distributed on an "AS IS" BASIS,.

                                                                                                                                                                                                        Chrome Cache Entry: 918

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (16083)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):740380
                                                                                                                                                                                                        Entropy (8bit):5.729920688068108
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:ZA18+tja0OU+uiAlgU/u0rLDmi6Dcga7ciEskOxCoiuNRF:ZTGjvOZArrdciBkpSF
                                                                                                                                                                                                        MD5:F98FC311A243467E1323D5CF6E73D4E9
                                                                                                                                                                                                        SHA1:C917CCF1F88AA7D74C8CDD4B3A4B5C5270FFA520
                                                                                                                                                                                                        SHA-256:86B01C31FAF78C4C275A4CD608DD112C461B7B3553D50129EFED438000D392A8
                                                                                                                                                                                                        SHA-512:149022F0DA5D7491E9AE198D3DB033865AE1D0E399A0F0BD98BA3EDE34659461D0042B962D10B4DFD45DD29850C6FE734D6027DE00BE4493B8CAC31B6B401516
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,STuCOe,njlZCf,fJpY1b,b3kMqb,EGw7Od,ZUKRxc,my67ye,t2srLd,EN3i8d,hmHrle,mWLH9d,NOeYWe,O6y8ed,fqEYIb,PrPYRd,MpJwZc,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,lwddkf,SpsfSb,fFzhe,tUnxGc,aW3pY,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,xBaz7b,eVCnO,LDQI"
                                                                                                                                                                                                        Preview:"use strict";_F_installCss(".O0WRkf{-webkit-user-select:none;transition:background .2s .1s;border:0;border-radius:3px;cursor:pointer;display:inline-block;font-size:14px;font-weight:500;min-width:4em;outline:none;overflow:hidden;position:relative;text-align:center;text-transform:uppercase;-webkit-tap-highlight-color:transparent;z-index:0}.A9jyad{font-size:13px;line-height:16px}.zZhnYe{transition:box-shadow .28s cubic-bezier(0.4,0,0.2,1);background:#dfdfdf;box-shadow:0px 2px 2px 0px rgba(0,0,0,.14),0px 3px 1px -2px rgba(0,0,0,.12),0px 1px 5px 0px rgba(0,0,0,.2)}.zZhnYe.qs41qe{transition:box-shadow .28s cubic-bezier(0.4,0,0.2,1);transition:background .8s;box-shadow:0px 8px 10px 1px rgba(0,0,0,.14),0px 3px 14px 2px rgba(0,0,0,.12),0px 5px 5px -3px rgba(0,0,0,.2)}.e3Duub,.e3Duub a,.e3Duub a:hover,.e3Duub a:link,.e3Duub a:visited{background:#4285f4;color:#fff}.HQ8yf,.HQ8yf a{color:#4285f4}.UxubU,.UxubU a{color:#fff}.ZFr60d{position:absolute;top:0;right:0;bottom:0;left:0;background-color:tran

                                                                                                                                                                                                        Chrome Cache Entry: 919

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (826)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):8035
                                                                                                                                                                                                        Entropy (8bit):5.326159900569122
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:scBpCBhS6OycT4w9uTEs/tQ7x09fih6axjOrFBh/ZQxKY8X2UBYRMwtRdB:/fEw9uQsamojEFBh/WxhB
                                                                                                                                                                                                        MD5:FDA114F94E54E698B9F2916A3F0046F0
                                                                                                                                                                                                        SHA1:5E14300C2D580CEB721201B14C19A858734EB2D7
                                                                                                                                                                                                        SHA-256:0833BBD2F41E11AD56CAD5E1E52CCDAFB40F3ABB8D71CB3C8B777455DFFEA95A
                                                                                                                                                                                                        SHA-512:008E7B7CD839C1B3BFBBFBEF6A5046BAE979FE95A5400CA45765EB74E94594505BB62C42A4F289B86D2B525919884B8B807A025C6C9E4FF43399829E201913E5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,XiNDcc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,iAskyc,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,ziXSP,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.qLa=_.y("wg1P6b",[_.Dx,_.Gl]);._.k("wg1P6b");.var m0a=function(a,b){b=b||_.Ma;for(var c=0,d=a.length,e;c<d;){var f=c+(d-c>>>1);var g=b(0,a[f]);0<g?c=f+1:(d=f,e=!g)}return e?c:-c-1},n0a=function(a,b){for(;b=b.previousSibling;)if(b==a)return-1;return 1},o0a=function(a,b){var c=a.parentNode;if(c==b)return-1;for(;b.parentNode!=c;)b=b.parentNode;return n0a(b,a)},p0a=function(a,b){if(a==b)return 0;if(a.compareDocumentPosition)return a.compareDocumentPosition(b)&2?1:-1;if(_.zg&&!(9<=Number(_.Gg))){if(9==a.nodeType)return-1;if(9==b.nodeType)return 1}if("sourceIndex"in.a||a.parentNode&&"sourceIndex"in a.parentNode){var c=1==a.nodeType,d=1==b.nodeType;if(c&&d)return a.sourceIndex-b.sourceIndex;var e=a.parentNode,f=b.parentNode;return e==f?n0a(a,b):!c&&_.nh(e,b)?-1*o0a(a,b):!d&&_.nh(f,a)?o0a(b,a):(c?a.sourceIndex:e.sourceIndex)-(d?b.sourceIndex:f.sourceIndex)}d=_.Zg(a);c=d.createRange

                                                                                                                                                                                                        Chrome Cache Entry: 920

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (45939)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):136364
                                                                                                                                                                                                        Entropy (8bit):5.126072695543888
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:YQ5uEi/bA+TnJDpamoObnmodwbwnwmwowd6/yW8RNK+blic1rU6fJGnjkuC6hfMW:rblic1rU6fJGjQ6hkefClYT+Ksc
                                                                                                                                                                                                        MD5:CEDCAFD723DC407D51EBF9659ED093E8
                                                                                                                                                                                                        SHA1:E466B889B8C527ECE8B428A5AF84737A2FE39433
                                                                                                                                                                                                        SHA-256:F2BABCBB7C5F1390299D492DF23A585EBACEE80939034749AFCE66D099B8C2CA
                                                                                                                                                                                                        SHA-512:A8188512961D31A926C9889A605F634BC9D1D572F450C302CAF0299741F594F4411F9743B4C5E6A55D17C33E5B67FEC4E0942303656BC6A56CB2B5F81BE89C65
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3iQbs4/y1/l/en_US/zx3qoVF3sUZ.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("CometImageFromIXValueRelayWrapper_sprite.graphql",[],(function(a,b,c,d,e,f){"use strict";a={argumentDefinitions:[],kind:"Fragment",metadata:null,name:"CometImageFromIXValueRelayWrapper_sprite",selections:[{alias:null,args:null,kind:"ScalarField",name:"sprited",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"sprite_map_css_class",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"sprite_css_class",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"preloading_spi",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"w",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"h",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"p",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"sz",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"spi",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"uri",storageKey:null},{alias:null,args:null,kind:"ScalarField",na

                                                                                                                                                                                                        Chrome Cache Entry: 921

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (467)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1883
                                                                                                                                                                                                        Entropy (8bit):5.270984374425825
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:o7eM8KL3AiFxglr7iO7S6fg35rCyRWsRhdrw:opL3FxeT7SMJARhBw
                                                                                                                                                                                                        MD5:434730EECF5430D42D426FFF04E3751F
                                                                                                                                                                                                        SHA1:E6DC1BBDFCCB76D1F45789C0B55E4F9E5725B677
                                                                                                                                                                                                        SHA-256:1BFAD0A3BD2AE9BE050D4A66CE800B030E5E33B6048D14FBECF0501A5728E2E9
                                                                                                                                                                                                        SHA-512:F68561DF1AF16BE78F48EFA58D836C33246FF8C8ABDE323C9F2217797E027DC99A699ED3856252A0ACEBC601177B78C264F400B56C52B48B500B07BDE76F964E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("iAskyc");._.gY=function(a){_.I.call(this,a.Ha);this.window=a.Ea.window.get();this.Fc=a.Ea.Fc};_.B(_.gY,_.I);_.gY.Oa=_.I.Oa;_.gY.Ba=function(){return{Ea:{window:_.Oq,Fc:_.uC}}};_.gY.prototype.Cn=function(){};_.gY.prototype.addEncryptionRecoveryMethod=function(){};_.hY=function(a){return(null==a?void 0:a.Yp)||function(){}};_.iY=function(a){return(null==a?void 0:a.rca)||function(){}};_.jY=function(a){return(null==a?void 0:a.Zp)||function(){}};._.izb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.kY=function(a){setTimeout(function(){throw a;},0)};_.gY.prototype.fJ=function(){return!0};_.Lq(_.El,_.gY);._.l();._.k("ziXSP");.var IY=function(a){_.gY.call(this,a.Ha)};_.B(IY,_.gY);IY.Oa=_.gY.Oa;IY.Ba=_.gY.Ba;IY.prototype.Cn=function(a,b,c){var d;i

                                                                                                                                                                                                        Chrome Cache Entry: 922

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):48
                                                                                                                                                                                                        Entropy (8bit):4.157806386887449
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:ZjhnZNDrPKVXdl:ZjNjKVXdl
                                                                                                                                                                                                        MD5:0D9FE9D3AA33DA6C96F6BF9AF269F8B5
                                                                                                                                                                                                        SHA1:A089B5586CD5E479A0FD7D73591C7EC0C5A41235
                                                                                                                                                                                                        SHA-256:1C9E270C0A66096127A7F58A326D4728465B433D744B3066F3F28CD5E87C9576
                                                                                                                                                                                                        SHA-512:3A15B10B23D0259F2738B01517E734C41122D68EFA555BE2CC1E162028FB4C7E88617D783BA571D82554B9CE3DDAAAD046A4BEBAFA1A87D79CEBD5A7EDD17571
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSFwnAFtBk7-_xrBIFDQqzETASBQ0o8SlJ?alt=proto
                                                                                                                                                                                                        Preview:CiIKEw0KsxEwGgQICRgBGgQIVhgCIAEKCw0o8SlJGgQISxgC

                                                                                                                                                                                                        Chrome Cache Entry: 923

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:HTML document, ASCII text, with very long lines (682)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):4119
                                                                                                                                                                                                        Entropy (8bit):5.363860210804462
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:GkBsIzf6Aj6TQTdkvEc2K7UrtNoyd+ypYokBnz8oLw:3BHzn+Wm97UToyd+ypYokDc
                                                                                                                                                                                                        MD5:B60A1BABBA7EDBA6C5A9FC4836A079C6
                                                                                                                                                                                                        SHA1:082278E6B6E8A2F53237EE992E77FE45F8764957
                                                                                                                                                                                                        SHA-256:A925BAF5E1E6227CE778335AE876AD0B2C0A46AF791E2FE0BE7D9548015BBD82
                                                                                                                                                                                                        SHA-512:975738EE48432A77B3423E4BE71EE3FAEF65CF03EFA95A786357438132ECE6942ACF1163DB3A1513515A8617807D5C21DA44CB510E32DCA941927F5C369388B9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=NTMZac,sOXFj,q0xTif,ZZ4WUe"
                                                                                                                                                                                                        Preview:"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.uf(_.hna);._.k("sOXFj");.var Rq=function(a){_.I.call(this,a.Ha)};_.B(Rq,_.I);Rq.Oa=_.I.Oa;Rq.Ba=_.I.Ba;Rq.prototype.aa=function(a){return a()};_.Lq(_.gna,Rq);._.l();._.k("oGtAuc");._.Gsa=new _.qk(_.hna);._.l();._.k("q0xTif");.var Cta=function(a){var b=function(d){_.bm(d)&&(_.bm(d).uc=null,_.er(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},qr=function(a){_.np.call(this,a.Ha);this.Ra=this.dom=null;if(this.Zh()){var b=_.sk(this.Cf(),[_.Uk,_.Tk]);b=_.wh([b[_.Uk],b[_.Tk]]).then(function(c){this.Ra=c[0];this.dom=c[1]},null,this);_.Dq(this,b)}this.Ma=a.nh.U7};_.B(qr,_.np);qr.Ba=function(){return{nh:{U7:function(){return _.ff(this)}}}};qr.prototype.getContext=function(a){return this.Ma.getContext(a)};.qr.prototype.getData=function(a){return this.Ma.getData(a)};qr.protot

                                                                                                                                                                                                        Chrome Cache Entry: 924

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:HTML document, ASCII text, with very long lines (682)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):4122
                                                                                                                                                                                                        Entropy (8bit):5.348985455814463
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:GMDtMOpEUNbTE6pL/u07Ub3XOy7RyVUBwzPBjw:qO2Urpbr7UrOy7Rp5
                                                                                                                                                                                                        MD5:0F50F70B3A1D045918CFCB3A2BE38AEE
                                                                                                                                                                                                        SHA1:085CCE0E6756C59626AB275CA8C3A5BF0FF17D35
                                                                                                                                                                                                        SHA-256:A4FD738A28E35B448CDA012F5DA8F5DD26D715FE5CA801B250AC19211700BE7C
                                                                                                                                                                                                        SHA-512:8F0B882C1895DE3D349A3C799C17625F52C60C2EE7CCB56BBDA7E252393677506775648C0DD3AE002C7FF692FDBB77E9E9648FF530630816D1DEE27E1B93AC82
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=NTMZac,sOXFj,q0xTif,ZZ4WUe"
                                                                                                                                                                                                        Preview:"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.Uf(_.mna);._.k("sOXFj");.var or=function(a){_.I.call(this,a.Ha)};_.A(or,_.I);or.Na=_.I.Na;or.Ba=_.I.Ba;or.prototype.aa=function(a){return a()};_.ir(_.lna,or);._.l();._.k("oGtAuc");._.Zsa=new _.Vk(_.mna);._.l();._.k("q0xTif");.var Zta=function(a){var b=function(d){_.zm(d)&&(_.zm(d).uc=null,_.Cr(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Or=function(a){_.Mp.call(this,a.Ha);this.Ra=this.dom=null;if(this.di()){var b=_.Xk(this.Bf(),[_.ul,_.tl]);b=_.bi([b[_.ul],b[_.tl]]).then(function(c){this.Ra=c[0];this.dom=c[1]},null,this);_.ar(this,b)}this.Ma=a.lh.Q7};_.A(Or,_.Mp);Or.Ba=function(){return{lh:{Q7:function(){return _.Kf(this)}}}};Or.prototype.getContext=function(a){return this.Ma.getContext(a)};.Or.prototype.getData=function(a){return this.Ma.getData(a)};Or.protot

                                                                                                                                                                                                        Chrome Cache Entry: 925

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):67816
                                                                                                                                                                                                        Entropy (8bit):7.9841903856932674
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:HBAASmbzryMT5X07SEsUljDm2yPzOGhbiTHQI8eV6GRHAgJy:hrVbPUGEsEHmpyGhbOQI351y
                                                                                                                                                                                                        MD5:746AF1442F6C55710D99DC93A77AE909
                                                                                                                                                                                                        SHA1:245A9D28EA6FD911BE7894894702BBCB10DFCF3E
                                                                                                                                                                                                        SHA-256:0D5F934620DF5D4B9768965F87FB0C7B981BFE9D8BEAA19083E5D560E3AB2599
                                                                                                                                                                                                        SHA-512:DF2456CD19B87900AE0184AB5F127AE7F5E14FCEEF4363D77894A83DCE16AF2B227F855B9D438905A2314D8B47D61F4BE05BCEAB7057E3FD87A295A196C36B04
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t51.29350-10/428083450_418976407359459_7590773312560987729_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=ARsyLRmcTZYAX_vm58t&_nc_ht=scontent-lga3-2.xx&oh=00_AfB_HC4bhEJ4mbDH8PQpCuP9kNxy5PFvbfmdUTiXeCf5pQ&oe=65DBF29E
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f010000ec1d00003644000077480000944c00008f6a0000bc9e0000f4a40000ffaa00005cb10000e8080100....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((...........".............................................................................sKy...sQ.si.si....,.."@..r...N.........D.........A.M-...C.....c^...c^..2[..l..M.{.CQ.*..b..A....n.8CC..H.4.R...."..p#..J...r=.t.|n.......AC\.5..\.k^,c^.....$..6.V.v..j........8......A......$P. $....8.JHp^.J.1.{..-p.....R...@..5...R5........k..n.L.V.8&j....cU"....1....d.Ql.5p.E.PQ...j?..O.2...Lt..+......K.q\l.w..q.3].....)!4..%...\(..4s...^X.......2.H..-C..N...hH..M.....ij.l R4jp..D..H...\.T........H..|.n:-"T..H.".".,RC..s..*@..n........#..A9..I.....m....#....}........b.8...s..~..-dc.dY...a3y.;_..Xm.YaR..z.q.:......3HJ.H..$..G$9.Bb...".......@N.J#.d.ppJ%=<.D2.Uar...jz#d.1n2[.&...".

                                                                                                                                                                                                        Chrome Cache Entry: 926

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4199)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):19218
                                                                                                                                                                                                        Entropy (8bit):5.393979167052038
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:DrBIgKlku0Cq8r9x86SGek2bwsTkvI0KY+woMKWU3ve9RiA:DrO/0CqE9OKA0iwoMKWU3ve6A
                                                                                                                                                                                                        MD5:200150E3FBC950B281221857722E041D
                                                                                                                                                                                                        SHA1:9FE484AFC3E7BE9979E17CC803B4FADC5B89F4E6
                                                                                                                                                                                                        SHA-256:03E61B67559CAC7B1FC5749C196820B0246255BC00B026F3738ED90CA1E646EA
                                                                                                                                                                                                        SHA-512:5F304309F6E1DF1E8FA46E5DD506D1D838CA109DB01A371329899835946EDB1357C07F11A6AC81D087144EDDD096405A7646DEB61DDD746E2BFC9FAA16FE1AF9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.lv=function(a){this.Ga=_.t(a)};_.A(_.lv,_.w);_.mv=function(a,b){return _.Ad(a,3,b,_.zc)};_.lv.Fb=[1,2,3,4];.var CBa=_.da.URL,DBa,EBa,GBa,FBa;try{new CBa("http://example.com"),DBa=!0}catch(a){DBa=!1}EBa=DBa;.GBa=function(a){var b=_.Lh("A");try{_.ye(b,_.te(a));var c=b.protocol}catch(e){throw Error("cc`"+a);}if(""===c||":"===c||":"!=c[c.length-1])throw Error("cc`"+a);if(!FBa.has(c))throw Error("cc`"+a);if(!b.hostname)throw Error("cc`"+a);var d=b.href;a={href:d,protocol:b.protocol,username:"",password:"",hostname:b.hostname,pathname:"/"+b.pathname,search:b.search,hash:b.hash,toString:function(){return d}};FBa.get(b.protocol)===b.port?(a.host=a.hostname,a.port="",a.origin=a.protocol+"//"+a.hostname):(a.host=.b.host,a.port=b.port,a.origin=a.protocol+"//"+a.hostname+":"+a.port);return a};._.HBa=function(a){if(EBa){try{var b=new CBa(a)}catch(d){throw Error("cc`"+a);}var c=FBa.get(b

                                                                                                                                                                                                        Chrome Cache Entry: 927

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):5430
                                                                                                                                                                                                        Entropy (8bit):3.6534652184263736
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
                                                                                                                                                                                                        MD5:F3418A443E7D841097C714D69EC4BCB8
                                                                                                                                                                                                        SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                                                                                                                                                                                                        SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                                                                                                                                                                                                        SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.google.com/favicon.ico
                                                                                                                                                                                                        Preview:............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

                                                                                                                                                                                                        Chrome Cache Entry: 928

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):95538
                                                                                                                                                                                                        Entropy (8bit):5.436334510106879
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:8Aa0TZtPgFqdho7ia+2O9UMyc9nh7Hq2E:LTZtYFwF95ycFJKX
                                                                                                                                                                                                        MD5:727CBFA3B7290D35E267891F582F88B1
                                                                                                                                                                                                        SHA1:AA9B4CE6826B46DB56E8FCAE0D1284248BF6C278
                                                                                                                                                                                                        SHA-256:A5951034FFBA6569EF62BEFC21854C90CD987F3935BF1826E5455ED47EECB5E2
                                                                                                                                                                                                        SHA-512:271A8A1D392C81490D01079F8C9C9856ED3E73CC552895B9C290E19CB06E953D247FE410A5641B95801109E4DDC65C98F8335E8236E83195B4BF0BE0E61808C4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.licdn.com/sc/h/6s06vlv92ffjugj7k5xnkp5m9
                                                                                                                                                                                                        Preview:!function(t){var e={};function n(r){if(e[r])return e[r].exports;var o=e[r]={i:r,l:!1,exports:{}};return t[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var o in t)n.d(r,o,function(e){return t[e]}.bind(null,o));return r},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="",n(n.s=114)}({0:function(t,e,n){"use strict";n.d(e,"j",(function(){return u})),n.d(e,"x",(function()

                                                                                                                                                                                                        Chrome Cache Entry: 929

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1299)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):114292
                                                                                                                                                                                                        Entropy (8bit):5.5528653263166285
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:BfaN1hvawAB3MAYcKh+CY0YcQ1rFPyY5c/F1FRLf+aD3Wp94yXCQC4NIT3PTtSGa:BfaNbAB3IacQLiPFRLf+e3g9bXcAITk
                                                                                                                                                                                                        MD5:EA5144AB403234BE650A76530D1CB29D
                                                                                                                                                                                                        SHA1:67DEE97C0AE2F912CE9F4CB1ADB9181857A01DF3
                                                                                                                                                                                                        SHA-256:6EA25790432AA3DF786FF6518EAE8400D61081EE2A2206082C24B3FC6D4705DF
                                                                                                                                                                                                        SHA-512:74998F4A928418639BCC2C4EE5BE2DABDC01D5D4C5E3C69BA606E9A0757D173EC542BBD3BD2CFC31CBC17057B421773778997A80F1C4925022DEE0A0B4CA0241
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bSspM,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,lsjVmc,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,qmdT9,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,Rusgnf,Ctsu,UPKV3d,bPkrc,W2YXuc,pxq3x,IZ1fbc,soHxf,kSPLL,qPfo0c,yRXbo,bTi8wc,ywOR5c,PHUIyb"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ltDFwf");.var Atb=_.y("ltDFwf");var AU=function(a){_.J.call(this,a.Ha);var b=this.oa();this.pb=this.Qa("P1ekSe");this.mb=this.Qa("cQwEuf");this.da=b.getData("progressvalue").number(0);this.ja=b.getData("buffervalue").number(1);this.Ca=b.zb("B6Vhqe");this.Ma=b.zb("juhVM");this.ta=b.zb("D6TUi");this.aa=b.zb("qdulke");this.La=0!==this.da;this.Ka=1!==this.ja;this.Fa=[];this.ea=_.$r(this).fc(function(){this.Fa.length&&(this.Fa.forEach(this.f9,this),this.Fa=[]);this.La&&(this.La=!1,_.Bq(this.pb,"transform","scaleX("+this.da+")"));this.Ka&&.(this.Ka=!1,_.Bq(this.mb,"transform","scaleX("+this.ja+")"));_.$q(b,"B6Vhqe",this.Ca);_.$q(b,"D6TUi",this.ta);_.$q(b,"juhVM",this.Ma);_.$q(b,"qdulke",this.aa)}).build();this.ea();_.zg&&_.$r(this).fc(function(){b.ob("ieri7c")}).Ae().build()();_.ez(this.oa().el(),this.Sa.bind(this))};_.B(AU,_.J);AU.Ba=_.J.Ba;.AU.prototype.Sa=function(a,b){Btb(

                                                                                                                                                                                                        Chrome Cache Entry: 930

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):2270287
                                                                                                                                                                                                        Entropy (8bit):4.924226738718404
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12288:NRpaQ+5+Fmt9CKkqFOdJ/JGfeiwtHWTOev3z69JGFez0TDJmgbVrdUto/4Q/5mKh:7o/4Q/5mKkKna0B
                                                                                                                                                                                                        MD5:28A33C27FEC758DCEF4F64FE33CE3FA3
                                                                                                                                                                                                        SHA1:6A79CC1ADE760CC79167A9E832F7DFA3C4C65C80
                                                                                                                                                                                                        SHA-256:0FC12A610E554A6A90474F79D7B0BB352302D66C96547C326A61144F2AA28099
                                                                                                                                                                                                        SHA-512:174F89D654523DA6B133A452BBCD3D36CB582ABB8099B950DE64F1B9228FDEA9B16AD2CF4D3C803DF2D3B7B8C4A3766323B3AA4D8E9F593F999C76DFF3066762
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/s/_/ytmainappweb/_/ss/k=ytmainappweb.kevlar_base.KWxblPF3ops.L.B1.O/am=AAjQAg/d=0/rs=AGKMywF7-tDpt3JY3IfFWrYKJ3CYN-IL2A
                                                                                                                                                                                                        Preview:.lottie-component{display:block}.yt-spec-icon-shape{display:flex;align-items:center;justify-content:center;width:100%;height:100%}.yt-core-attributed-string--inline-flex-mod{display:inline-flex;height:1.4em;vertical-align:middle}.yt-core-attributed-string--inline-block-mod{display:inline-block}.yt-core-attributed-string__image-element--image-alignment-bottom{vertical-align:bottom}.yt-core-attributed-string__image-element--image-alignment-baseline{vertical-align:baseline}.yt-core-attributed-string__image-element--image-alignment-vertical-center{align-self:center}.yt-core-attributed-string__link{text-decoration:none}.yt-core-attributed-string__link--display-type{display:inline}.yt-core-attributed-string__link--call-to-action-color{color:#065fd4}.yt-core-attributed-string__link--overlay-call-to-action-color{color:#3ea6ff}.yt-core-attributed-string--link-inherit-color .yt-core-attributed-string__link--call-to-action-color{color:inherit}.yt-core-attributed-string--highlight-text-decorator .

                                                                                                                                                                                                        Chrome Cache Entry: 931

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):16265
                                                                                                                                                                                                        Entropy (8bit):7.9619724390537465
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:cg0Mm44LmohCeH1oZP6fTnykvTCtbck0nlV8L2cwBgT/g6EPinfdZyoVA6zrI8lP:/0C4S8x2ZS7BvTcl6lKp/g6EPULXsV9e
                                                                                                                                                                                                        MD5:32EA237B3EAE24E4DE54F5BF2B222ED9
                                                                                                                                                                                                        SHA1:BABEBDC70FD5A0385761AE8B92CE616D12E56408
                                                                                                                                                                                                        SHA-256:E895873C2C76D9161A0C29FF7F691C3B0F983196B6E7FF76A51F0ED36A1E1816
                                                                                                                                                                                                        SHA-512:E1A061C5474B4D617BD750AFB6C3B66216996F24A23745E01571387972FA4259D48E11D40AA0D959F6B06EEDA6DEE6D08DFAB06DED7130E8C3189BE7BFE98E69
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/425792721_408506441566749_3377289298669230651_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=esRaqpUeLsQAX9hQcJE&_nc_ht=scontent-lga3-2.xx&oh=00_AfDqLpTsEiSaCa5rhdNsYyG4wBP3ntAKDhiBq7HTLmVWrw&oe=65DB5E3C
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a7001000072060000330e0000f10f0000f0110000aa1a0000cd260000e6270000e7290000282c0000893f0000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n....".....................................................................................J..m\.SZ.O...1.U.C........@i.B.#8|..I0j.$....Kk..(8..x...u.....!.c...u..I)..qFP..%...d..GG.m..Ml..J...N^........x..\...X.......x5.A.....]..5.E..K|.....I4RYv\A.y.<*x.-...@P..Hu.C.4N^.N.N.m..jbcRRN.M<.&..j..k...!.2..a.e.y.R8..$....G..Zi.....j.1.... .....]+f-.`.(hl0..Q.c.....$!...|.?e.oua..L.w.J..$.?...S..o..H.,R..h.ZL.....I@..b....pO..aJ.:...;=,#.G...i.8.Y..=..l3z.^.;..U.uM..`...[.[....K-.`..-.GM.E.?C..}K...b...z..h.}.l.....b.tRC...Z.{[#....Z.x..0.Mhr[..v.2.ui...C.nK.gH.....r.....n.y.y..sTgtX.e...d\..J.M.o'=....&......D.f...j/..s.i&y..K....-.7...x].Un#{..N.1....XqPK...

                                                                                                                                                                                                        Chrome Cache Entry: 932

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (405)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1600
                                                                                                                                                                                                        Entropy (8bit):5.188259208280988
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:o7JFzAhos3C+VgRxsMyN5SG4siQ7D8zVTrw:oD0WEl+xsxN4rzpPw
                                                                                                                                                                                                        MD5:12C229219DFC209483CC30500DC6FC7B
                                                                                                                                                                                                        SHA1:7F964F9DCF97B96BB53E6FB64F735161EFC4A256
                                                                                                                                                                                                        SHA-256:E37272772EF8AA03D09A0B70B419C73544E93A653DA19133DCB241995B4AF05B
                                                                                                                                                                                                        SHA-512:407F8D84FF5D0F96707003850CFE67D4BB595F61BC617EC34E10433E2542A26B4AF2B589B55B9FE973BE894527EF6E16724E29B8293471967A8866798C9D0B47
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJhmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFQ8tmzv79x_nJGIapLTY1tp-HlWA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,VwDzFe,A7fCU"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("w9hDv");._.Uf(_.lia);_.iw=function(a){_.I.call(this,a.Ha);this.aa=a.Xa.cache};_.A(_.iw,_.I);_.iw.Na=_.I.Na;_.iw.Ba=function(){return{Xa:{cache:_.Ep}}};_.iw.prototype.execute=function(a){_.wb(a,function(b){var c;_.Ue(b)&&(c=b.Za.Nb(b.fb));c&&this.aa.KC(c)},this);return{}};_.ir(_.Gia,_.iw);._.l();._.k("VwDzFe");.var FE=function(a){_.I.call(this,a.Ha);this.aa=a.Ea.Pq;this.ea=a.Ea.metadata;this.da=a.Ea.Hq};_.A(FE,_.I);FE.Na=_.I.Na;FE.Ba=function(){return{Ea:{Pq:_.aE,metadata:_.gUa,Hq:_.YD}}};FE.prototype.execute=function(a){var b=this;a=this.da.create(a);return _.wb(a,function(c){var d=2===b.ea.getType(c.Dd())?b.aa.hc(c):b.aa.aa(c);return _.qk(c,_.bE)?d.then(function(e){return _.qd(e)}):d},this)};_.ir(_.Lia,FE);._.l();._.k("sP4Vbe");._.fUa=new _.Vk(_.Hia);._.l();._.k("A7fCU");.var fE=function(a){_.I.call(this,a.Ha);this.aa=a.Ea.iL};_.A(fE,_.I);fE.Na=_.I.Na;fE.Ba=function(){r

                                                                                                                                                                                                        Chrome Cache Entry: 933

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (8178)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):78003
                                                                                                                                                                                                        Entropy (8bit):5.534030341648823
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:qgd6FF6U5v/FSisNk3a+awDbDit1/Wxm4oVxmb5EhI5iCHD:qFs1/WxmAShI5rHD
                                                                                                                                                                                                        MD5:47AE4C9300B3DCF52B3AE8B3BC8FD25F
                                                                                                                                                                                                        SHA1:F934BC239E5689095ACCE0D71BE75F4D4488DD8A
                                                                                                                                                                                                        SHA-256:1102B5BBC04A85694A5DC2612015BDA6B0EDCC08E5229528A31C886DFC65F8D6
                                                                                                                                                                                                        SHA-512:29FC7DAF7BF605912284A9AD7347F5FC7556CB4A2C53C0E24DF87C8B5CE93AC47762D5D92C939DC9124910FC8E7DE8B2CDD38B362B9552DD61F7045BEF9415E0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3ig-p4/yB/l/en_US/JryzzQ6rPykHu1lo-vtGQXqCgoN7_kURe_rc7Qh2815EtoYGhfwcfLe9eombtumcm-xsw_y3zVOBSd8w70Ttksmt5r1v89-9txafWxL1rr0Obq.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("CometTextWithEntitiesRelay_entity.graphql",[],(function(a,b,c,d,e,f){"use strict";a=function(){var a={alias:null,args:null,concreteType:"WorkForeignEntityInfo",kind:"LinkedField",name:"work_foreign_entity_info",plural:!1,selections:[{alias:null,args:null,kind:"ScalarField",name:"type",storageKey:null}],storageKey:null},b={kind:"Variable",name:"scale",variableName:"scale"},c={alias:null,args:null,kind:"ScalarField",name:"height",storageKey:null},d={alias:null,args:null,kind:"ScalarField",name:"uri",storageKey:null},e={alias:null,args:null,kind:"ScalarField",name:"width",storageKey:null},f={alias:null,args:null,kind:"ScalarField",name:"name",storageKey:null};return{argumentDefinitions:[{kind:"RootArgument",name:"scale"}],kind:"Fragment",metadata:{mask:!1},name:"CometTextWithEntitiesRelay_entity",selections:[{alias:null,args:null,kind:"ScalarField",name:"__typename",storageKey:null},{alias:null,args:[{kind:"Literal",name:"site",value:"comet"}],kind:"ScalarField",na

                                                                                                                                                                                                        Chrome Cache Entry: 934

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1379
                                                                                                                                                                                                        Entropy (8bit):6.754599235767732
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:gqwhc1spEEa8GafviZcLhoW17OH4VlTW/piZ5eWcs:gdhiWEhPOHLr7OHmQ/gmWcs
                                                                                                                                                                                                        MD5:4A07409F7960FF083E1C22C969F86204
                                                                                                                                                                                                        SHA1:4116434C59DFDD59A656B7245574AAB40F0328FA
                                                                                                                                                                                                        SHA-256:F34D749B798E9E04AEFD6109746F9823FD31D56965206355BA65A6B39D4F05E4
                                                                                                                                                                                                        SHA-512:3AA4244F01AF19A5B8BF767B61AA55854D39E6DC7F35D4F8E010CD87648BB6C8F3184F825A7EBCDA830351D066CFE23CEABCD0FDB5205F33940484AD0918D43C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/423779573_10168439584210113_3588546925670825200_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=11e7ab&_nc_ohc=eipqJYsOKZYAX-ASvVT&_nc_ht=scontent-lga3-2.xx&oh=00_AfDAU2x6kz3VP9HbjPQM-LUrwrRVjigeSg36wy-Y9ypz2A&oe=65DBA67B
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6d010000df0100006002000099020000d902000046030000d003000007040000420400008404000063050000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."............................................................................M.C2.;...2..U.\....N....AhD..T.....(..L..B.j.p...i. .0.....#.........................!1... "2...........F.%.........j...xZ..]...%.s#.j.>a..a....VT{...a.q.......L.w..Sq..2.....Ef.>#....s*................................!........?.K..5...G.E..k)............................... ........?..:..B..P.zr.^?...&......................!.1."Qa 2AB...........?....~.VE..M.z....%.Z..ZT......r..nm^.i.s/..l~..WCOJH..XC.K.... ....................!1AQ.aq.. ........?!l.O.......S_.Q'....8.S..g.0p.q.]5...J.qe.p_>.w......Im..-A.s|..E....:J.E.DC.K..f]K....;.,{T*./V{.(...@.eN'...oC.z....}M....z.tO.................].}.5..

                                                                                                                                                                                                        Chrome Cache Entry: 935

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (4982)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):52506
                                                                                                                                                                                                        Entropy (8bit):5.446250274482012
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:ETsMRensj20tJ9Z5Q6K3uwSXiRc0Pj+P3fPO:ETcnsjDJtQ6K3urNajcfPO
                                                                                                                                                                                                        MD5:F833E6B292F7240CC8A49C3FCE063EA8
                                                                                                                                                                                                        SHA1:193958C5C91BBC902799CFEF02101D5F19ED7F55
                                                                                                                                                                                                        SHA-256:FDC143BE95EB2A0348888C7231F2089FA95A1F07D93FABC18D87D314590CE21E
                                                                                                                                                                                                        SHA-512:40BEC0871299562048FAF8305BD0C9BA0ABBF53554BB1047DF4474734ABB6700B6924F3ED828AAEAA3DDB9771894046A6907C4D1E166B62796BAFC4D3E89F50C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3iFd24/yZ/l/en_US/EbDu0qzCCoR.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("useCometTextDirection",["UnicodeBidi","react"],(function(a,b,c,d,e,f,g){"use strict";var h,i=(h||d("react")).useMemo,j={LTR:"ltr",NEUTRAL:"auto",RTL:"rtl"};function a(a,b){return i(function(){var c=d("UnicodeBidi").getDirection(a,b);return j[c]},[b,a])}g["default"]=a}),98);.__d("CometRoundedTextInput.react",["BaseFocusRing.react","BaseTextInput.react","CometScreenReaderText.react","Locale","react","stylex","useBaseInputValidators"],(function(a,b,c,d,e,f,g){"use strict";var h,i,j=i||(i=d("react"));b=i;var k=b.useId,l=b.useState,m={backgroundPlaceholder:{backgroundColor:"xmjcpbm",$$css:!0},backgroundSecondary:{backgroundColor:"x1qhmfi1",$$css:!0},disabledInput:{color:"x1dntmbh",cursor:"x1h6gzvc",$$css:!0},endIcon:{paddingEnd:"xsyo7zv",paddingLeft:null,paddingRight:null,$$css:!0},fontPlaceholder:{color:"x12scifz","::placeholder_color":"x2s2ed0",":focus::placeholder_color":"xq33zhf",$$css:!0},fontSecondary:{color:"xi81zsa",$$css:!0},hideIconAnimation:{transitionDura

                                                                                                                                                                                                        Chrome Cache Entry: 936

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):7122
                                                                                                                                                                                                        Entropy (8bit):7.871258322524097
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:CSCD1Ka5vYOrbUjwB0ho6Ds9HUqf9VSxUJ:ClsmUjwB0PQ9bfjrJ
                                                                                                                                                                                                        MD5:BA4FC7360622DA29A9BB6A079C42433F
                                                                                                                                                                                                        SHA1:156E6FD1B0F3811377253A347B9E57038FCF5681
                                                                                                                                                                                                        SHA-256:2CCCEF76016D55851D5EBB3872AA101DF7772F6C3B753D66F2D6DE20CB401CD0
                                                                                                                                                                                                        SHA-512:AAB5B1C50705860606904F5DEE1E4EE010769C6AFEA0B9EED9C319EC7D7BE2A1CD304CF867B799871D6FEB20A88D6E0905FB500413098D5DFD3A5C1D53432CC4
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/426626851_1050536366238159_6966000035968128461_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=iD9MG8Iumt0AX9ldSsj&_nc_ht=scontent-lga3-2.xx&oh=00_AfAdnSvpP496tIJjvjbIC9VNoK389AlA9B5J9L9_s0pmSQ&oe=65DB1F12
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f0100002705000049080000c50800006a0900006f0b0000ff0f000011110000fc110000f8120000d21b0000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n...."...............................................................................<..b...0..T.T..D6..*l...p . .T...$.SH.I$`.4Z..-..a..D1..... ..R5*......^.y. ......IRb$.SR.CH.#Kt..w4..@.&Z.J.%IR...3W".4/H..K8.%E..,..Q,...J.B.M.......X.)Ft..0....U...).............r..b.a#%J..T..T.c.....nD.j0.j...4..M .F....c.x...P.0..H..&..@ .....kW..%VJ.<..O.....t...H.D.%Ur.s.<f..V!...g-..y..L..L4.$.iH.*x|..:....*...,.c.}O.i..EP..V+K.....s.......1....I...]33............#h..U.U.m..T....vo...].e.z...b~.........:..p.}...Q%....+....w..,C.W.H...41..5...?...W...?..y.$.%...1.?>..l..7.n....x{.E.-zy#(..d...0...,......<.N5....'..N......|..x..z.GM.>.....=.t.}.~.....7.|C.\t.........Yt..

                                                                                                                                                                                                        Chrome Cache Entry: 937

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (5842)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):13005
                                                                                                                                                                                                        Entropy (8bit):5.385476614866472
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:EGPzF/Z8FjmrWX8oDfc/xkiF55npVKyGT5xRNElQQx0JLNThA+dW51So:Bj8FarWX8oDfcFFDnpVKyGdxRNElB1Ye
                                                                                                                                                                                                        MD5:E1AD4E3D26CC72E49609FCAD39B4AABB
                                                                                                                                                                                                        SHA1:1D353A2E2E9C24C12A938C9EC8DEC48D87C6C420
                                                                                                                                                                                                        SHA-256:9AE20AB072694E627FC333C4514E5429B8BF47477F3886D9D0BE00FA5DCFDCAA
                                                                                                                                                                                                        SHA-512:5B7026F39184ACB8CFCBFA4C5528595F209A97E3F2FEFEA752BCAF6D0922A719EAD8706A3C8C42D37EA364B3E9CBACE687D72B0D1BAF614B690D0B14515C45C0
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3idBq4/yT/l/en_US/nYVb1eL2wQQ.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("BaseToast.react",["BaseInlinePressable.react","BaseTheme.react","BaseView.react","FocusRegion.react","focusScopeQueries","react","useCurrentDisplayMode"],(function(a,b,c,d,e,f,g){"use strict";var h,i=h||(h=d("react"));b=h;var j=b.useId,k=b.useMemo,l={dark:"__fb-dark-mode ",light:"__fb-light-mode ",type:"CLASSNAMES"},m={item:{display:"x78zum5",flexDirection:"xdt5ytf",paddingBottom:"x19yoh24",paddingEnd:"xpowjs8",paddingLeft:null,paddingRight:null,paddingStart:"xrxijuk",paddingTop:"x6enp1t",$$css:!0},itemText:{flexGrow:"x1iyjqo2",$$css:!0},link:{wordBreak:"xdnwjd9",$$css:!0},root:{alignItems:"x6s0dn4",backgroundColor:"x1wkzo03",borderTopStartRadius:"x1192kqh",borderTopEndRadius:"xjfsc2c",borderBottomEndRadius:"xg8fqjl",borderBottomStartRadius:"x1kdh5me",boxShadow:"xi1c1fh",display:"x78zum5",flexShrink:"x2lah0s",maxWidth:"x1cs6qxi",minWidth:"x1hqenl9",paddingStart:"xuv3zuj",paddingLeft:null,paddingRight:null,paddingEnd:"xd3owfx",paddingTop:"x192rfv7",paddingBottom:

                                                                                                                                                                                                        Chrome Cache Entry: 938

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4199)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):19218
                                                                                                                                                                                                        Entropy (8bit):5.386483333795039
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:audfEIMCVf6W/vtvayL5sDU/SkZKjAUpSiLw9UpYCjIgk9uzBi:ffL6W/vtvawsY/8suSr9UpYCjIgk9uFi
                                                                                                                                                                                                        MD5:C8734A39BAC01098267A643B9D728D22
                                                                                                                                                                                                        SHA1:33964CFF7039C268CA4432FC3F69A2B096D09D7A
                                                                                                                                                                                                        SHA-256:505708C0E484FFF76A2CE4C98F2923DF33AB6D1F6DBCBFAB2AA083F46D78C7B6
                                                                                                                                                                                                        SHA-512:18EC4598C30BFA490DBCAE1B73D2E451CD7853458CDD0B7E0473B91F0FA5F6E8E02FA2C504F2D99B4221C0D80170005FDFA3CA3EBFA4DC38EABDC68FDB543DCD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.Ou=function(a){this.Ga=_.t(a)};_.B(_.Ou,_.v);_.Pu=function(a,b){return _.gd(a,3,b,_.sc)};_.Ou.Fb=[1,2,3,4];.var ABa=_.da.URL,BBa,CBa,EBa,DBa;try{new ABa("http://example.com"),BBa=!0}catch(a){BBa=!1}CBa=BBa;.EBa=function(a){var b=_.hh("A");try{_.Zd(b,_.Td(a));var c=b.protocol}catch(e){throw Error("cc`"+a);}if(""===c||":"===c||":"!=c[c.length-1])throw Error("cc`"+a);if(!DBa.has(c))throw Error("cc`"+a);if(!b.hostname)throw Error("cc`"+a);var d=b.href;a={href:d,protocol:b.protocol,username:"",password:"",hostname:b.hostname,pathname:"/"+b.pathname,search:b.search,hash:b.hash,toString:function(){return d}};DBa.get(b.protocol)===b.port?(a.host=a.hostname,a.port="",a.origin=a.protocol+"//"+a.hostname):(a.host=.b.host,a.port=b.port,a.origin=a.protocol+"//"+a.hostname+":"+a.port);return a};._.FBa=function(a){if(CBa){try{var b=new ABa(a)}catch(d){throw Error("cc`"+a);}var c=DBa.get(b

                                                                                                                                                                                                        Chrome Cache Entry: 939

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):473
                                                                                                                                                                                                        Entropy (8bit):5.240157994693449
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:kxeXjxeX4wFbcloiHKobO4xMl23ZhVgBDKDi7e8kbRNfeX60:kMYDRiqobPxi2fVgB+XprGJ
                                                                                                                                                                                                        MD5:13782B3B1A5B6B82B186225398C96C55
                                                                                                                                                                                                        SHA1:AA9E89FABF00C27173190096499F47FAEE56C684
                                                                                                                                                                                                        SHA-256:1EAF3863ADA2FC1BC5C99F0731313B8046C576403EC8721757F935B8245C2C26
                                                                                                                                                                                                        SHA-512:D966BA31E97827381C2F26E9DC069A6DA26EFFEE26AE9C1965A73C1CFB4A852A6F4C94BF60B1F33719A3AF522CA0B868D99833E422FDEAD8644BD527118AE685
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,iAskyc,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,ziXSP,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=XiNDcc"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.HIa=_.y("XiNDcc",[_.Nna]);._.k("XiNDcc");.var DI=function(a){_.J.call(this,a.Ha);this.aa=a.Ea.ez};_.B(DI,_.J);DI.Ba=function(){return{Ea:{ez:_.CI}}};DI.prototype.kB=function(){_.b3a(this.aa)};_.K(DI.prototype,"IYtByb",function(){return this.kB});_.M(_.HIa,DI);._.l();.}catch(e){_._DumpException(e)}.}).call(this,this.default_AccountsSignInUi);.// Google Inc..

                                                                                                                                                                                                        Chrome Cache Entry: 940

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (20386)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):24922
                                                                                                                                                                                                        Entropy (8bit):5.5370745516072795
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:bWrUnwzqiCXznnxmmUCf9zTvJFZ5KDHjC6:bmUjznxmmUwZ5F6
                                                                                                                                                                                                        MD5:30B79BF5D6570CEE86DFB7C421578ADB
                                                                                                                                                                                                        SHA1:2BD11C936F781184EB59A7219D7136395F21A7F8
                                                                                                                                                                                                        SHA-256:70916F59D136472CA5E1016A3922022793EE5E4ECEB5C047A27BCA3936EFFCE8
                                                                                                                                                                                                        SHA-512:172E59AE301E70957F1D328A3DE1BA16AE2C8EB553B6E19EEE3E60D497BD5D74319D143AFC3E290DFE683149C47266D980459A8D539A714E8781754D1BEE175F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3/y9/r/O_4AXgPZeIL.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("CometPageLayoutWithComplementaryContent.react",["BaseRow.react","BaseRowItem.react","CometMediaViewerFullscreenContext","CometRouteRenderType","CometScrollView.react","MWChatVisibilityOverrideContext","gkx","react","stylex","useMWShouldCurrentRouteOverrideChatVisibility","useShouldShowMessagingEntrypointOnCurrentRoute"],(function(a,b,c,d,e,f,g){"use strict";var h,i,j=i||(i=d("react")),k=i.useContext,l=c("gkx")("20935"),m=c("gkx")("21050");b={chatSliver:{backgroundColor:"x1jx94hy",boxShadow:"x13tw4yp",display:"x78zum5",height:"xtp0wl1",top:"xxzkxad",width:"x1dmp6jm",zIndex:"x1vjfegm","@media (max-width: 899px)_display":"x1daaz14",$$css:!0},container:{height:"x3igimt",maxHeight:"xedcshv",overflowX:"x6ikm8r",overflowY:"x10wlt62","@media (max-width: 900px)_flexDirection":"x10o2a94",$$css:!0},containerFullScreenInPushView:{minHeight:"xg6iff7",$$css:!0},containerInPushView:{minHeight:"x1us19tq",$$css:!0},containerNotInPushView:{minHeight:"xat3117",$$css:!0},contentAre

                                                                                                                                                                                                        Chrome Cache Entry: 941

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (10220)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):79008
                                                                                                                                                                                                        Entropy (8bit):5.38703241975873
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:drOMDK8NFbtMD636tHdHaOMjKwSo3XItkuSbFdXyg:drOqFGMjh
                                                                                                                                                                                                        MD5:9A8041A7BE83FE7F8364819FC9582B5F
                                                                                                                                                                                                        SHA1:AD28899D57977B7F6472ADC98308066D12F19E56
                                                                                                                                                                                                        SHA-256:7605E04DFDD4889A92A3B3DC4B2C8194F3897C8A2D72F901F6370D7ABE9223D5
                                                                                                                                                                                                        SHA-512:A6F766E37784F7145965BD437AE35FF907B346431305DD3F452BFDA991DE6D37BE9FCDDFFF682A357D41DDDFB2655F2C89FAE722FBE364EA0A55ACC9AD7FB0C5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3idBq4/yP/l/en_US/8YSWYUXTuDT.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("GroupsCometAnswerAgentEducationModalQuery_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="26010742205205782"}),null);.__d("GroupsCometAnswerAgentEducationModalQuery$Parameters",["GroupsCometAnswerAgentEducationModalQuery_facebookRelayOperation"],(function(a,b,c,d,e,f){"use strict";a={kind:"PreloadableConcreteRequest",params:{id:b("GroupsCometAnswerAgentEducationModalQuery_facebookRelayOperation"),metadata:{},name:"GroupsCometAnswerAgentEducationModalQuery",operationKind:"query",text:null}};e.exports=a}),null);.__d("coerceRelayImage_image.graphql",[],(function(a,b,c,d,e,f){"use strict";a={argumentDefinitions:[],kind:"Fragment",metadata:{mask:!1},name:"coerceRelayImage_image",selections:[{alias:null,args:null,kind:"ScalarField",name:"height",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"scale",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"uri",storageKey:null},{alias:null,args:null,kind:"ScalarField",name:"width",st

                                                                                                                                                                                                        Chrome Cache Entry: 942

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                        Entropy (8bit):3.875
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:HmnY:OY
                                                                                                                                                                                                        MD5:C13E70783B272C1B1F38DF78789CB038
                                                                                                                                                                                                        SHA1:7F182E8DA5EE7FB00A151AC0D205D71E9C017D94
                                                                                                                                                                                                        SHA-256:8800EFDDF6F05E9F2F4263946E6C5AB296C955138B006CE3A74D3B0F143BE92A
                                                                                                                                                                                                        SHA-512:A7F5941549D283934D49EE8BF8FA069D387FBDF3BBB86F884F14FD4E10EB5F6E754F55E0F3F94DCE79EF84FA2787A5F9DB8A24C74BA13BAF379DB66BF35FB8F9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSEAk8yq_jFOmFmxIFDfGjW-M=?alt=proto
                                                                                                                                                                                                        Preview:CgkKBw3xo1vjGgA=

                                                                                                                                                                                                        Chrome Cache Entry: 943

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (405)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1600
                                                                                                                                                                                                        Entropy (8bit):5.188259208280988
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:o7JFzAhos3C+VgRxsMyN5SG4siQ7D8zVTrw:oD0WEl+xsxN4rzpPw
                                                                                                                                                                                                        MD5:12C229219DFC209483CC30500DC6FC7B
                                                                                                                                                                                                        SHA1:7F964F9DCF97B96BB53E6FB64F735161EFC4A256
                                                                                                                                                                                                        SHA-256:E37272772EF8AA03D09A0B70B419C73544E93A653DA19133DCB241995B4AF05B
                                                                                                                                                                                                        SHA-512:407F8D84FF5D0F96707003850CFE67D4BB595F61BC617EC34E10433E2542A26B4AF2B589B55B9FE973BE894527EF6E16724E29B8293471967A8866798C9D0B47
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,VwDzFe,A7fCU"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("w9hDv");._.Uf(_.lia);_.iw=function(a){_.I.call(this,a.Ha);this.aa=a.Xa.cache};_.A(_.iw,_.I);_.iw.Na=_.I.Na;_.iw.Ba=function(){return{Xa:{cache:_.Ep}}};_.iw.prototype.execute=function(a){_.wb(a,function(b){var c;_.Ue(b)&&(c=b.Za.Nb(b.fb));c&&this.aa.KC(c)},this);return{}};_.ir(_.Gia,_.iw);._.l();._.k("VwDzFe");.var FE=function(a){_.I.call(this,a.Ha);this.aa=a.Ea.Pq;this.ea=a.Ea.metadata;this.da=a.Ea.Hq};_.A(FE,_.I);FE.Na=_.I.Na;FE.Ba=function(){return{Ea:{Pq:_.aE,metadata:_.gUa,Hq:_.YD}}};FE.prototype.execute=function(a){var b=this;a=this.da.create(a);return _.wb(a,function(c){var d=2===b.ea.getType(c.Dd())?b.aa.hc(c):b.aa.aa(c);return _.qk(c,_.bE)?d.then(function(e){return _.qd(e)}):d},this)};_.ir(_.Lia,FE);._.l();._.k("sP4Vbe");._.fUa=new _.Vk(_.Hia);._.l();._.k("A7fCU");.var fE=function(a){_.I.call(this,a.Ha);this.aa=a.Ea.iL};_.A(fE,_.I);fE.Na=_.I.Na;fE.Ba=function(){r

                                                                                                                                                                                                        Chrome Cache Entry: 944

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (18915)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):43237
                                                                                                                                                                                                        Entropy (8bit):5.680707641754852
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:5RWw2BBHWtPd0h3A4LWhNzrXNAtU9ArbM+AI99yNIE:5QBZWtmw4LqPXNIU9ArbMP
                                                                                                                                                                                                        MD5:A20A57297296210AE55C26306436FCE5
                                                                                                                                                                                                        SHA1:AF8363C369F8FD23868093CE0FF02C8D88C229C0
                                                                                                                                                                                                        SHA-256:2DE52103B1FEEB037AF1757A1D10CB77A335258410AFF50F3CC4B93589357FDB
                                                                                                                                                                                                        SHA-512:E0BD233E5F75ECCC4D5018E1F7A4650D13BDD84D4DDCBB1BF482CB35CC836B85CE146F0A2B41DEA578CECF05FB8E7A6C9B6F28DC79A81801A9898B700860020C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3/yY/r/YT7n1sgH1lv.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/../**. * License: https://www.facebook.com/legal/license/t3hOLs8wlXy/. */.__d("bignumber-js-9.0.1",[],(function(a,b,c,d,e,f){"use strict";b={};var g={exports:b},h;function i(){(function(a){var b,c=/^-?(?:\d+(?:\.\d*)?|\.\d+)(?:e[+-]?\d+)?$/i,d=Math.ceil,e=Math.floor,f="[BigNumber Error] ",i=f+"Number primitive has more than 15 significant digits: ",j=1e14,k=14,l=9007199254740991,m=[1,10,100,1e3,1e4,1e5,1e6,1e7,1e8,1e9,1e10,1e11,1e12,1e13],n=1e7,o=1e9;function p(b){var g,h,x,y=a.prototype={constructor:a,toString:null,valueOf:null},z=new a(1),A=20,B=4,C=-7,D=21,E=-1e7,F=1e7,G=!1,H=1,I=0,J={prefix:"",groupSize:3,secondaryGroupSize:0,groupSeparator:",",decimalSeparator:".",fractionGroupSize:0,fractionGroupSeparator:"\xa0",suffix:""},K="0123456789abcdefghijklmnopqrstuvwxyz";function a(b,d){var f,g,j,m,n,o,p,q,r=this;if(!(r instanceof a))return new a(b,d);if(d==null){if(b&&b._isBigNumber===!0){r.s=b.s;!b.c||b.e>F?r.c=r.e=null:b.e<E?r.c=[r.e=0]:(r.e=b.e,r.c=b.c.slice());retur

                                                                                                                                                                                                        Chrome Cache Entry: 945

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc59.37.100", baseline, precision 8, 576x576, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):22861
                                                                                                                                                                                                        Entropy (8bit):7.915860154320744
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:PqsPXn/DvxyEG+TEh5M/FfYuOXKssc58VePnUnXMzb0dKFdNAuF3Gmyr7w:PT/DvA5Mkassy8Ve+czIdluF3qw
                                                                                                                                                                                                        MD5:D07E036DB76EBCEF4CF746F1837700EE
                                                                                                                                                                                                        SHA1:C6399287084EF8F2CD6CE2128849EB32AA7DDAE2
                                                                                                                                                                                                        SHA-256:3AFDD205A5583087A0DE3593EA9A165A4A330BC58DD32A3176721CB9F3858114
                                                                                                                                                                                                        SHA-512:88B9A37C4CB171CCE06D3A4DA9B0902819CCE87721B911BDA2364E06E928A1A8953B79702FFAD17CA9BFA1CFF1FCFAC42EAB5CC6C1CDAD77820A136D3B9B581A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/426627967_274247019022435_8910041291589134730_n.jpg?_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=mbkDdUOEviQAX9kaehD&_nc_ht=scontent-lga3-2.xx&oh=00_AfCsDqnW8skbD6gWdYNY_OB04o0ibclD3dZVGjH1DIrscA&oe=65DADF0D
                                                                                                                                                                                                        Preview:......JFIF..............Lavc59.37.100....C..................................................................................................................................................!1QqA..s2ra.."...V..7t6.3..U..R.$5#.B4C.%E.e..b.S.c.&..'DFu.H..T........................1!.A.aQ"2.q..#r......R.$cC.3.6......@.@.."...................?...;..m.S.--......&:ffy.......3...J...Ln..I\..,u&!.;..Z...>..}..y......}.J.R&.<g...|...A.g...7iyop..)q...)..bS..k....U.,.f..{6g.q.1..#..T.q....&=.%.7.....V....&xLO1..(..b8..6....S1.z2.:..kf.w.}.U.S8.}..m.*.....L..R.L.U.%3....iv......3.-.N~...F....E.f}...g.i.SW.....{1..6...s..W..3..K.owov.:.u.....D..u.,F].3^...k.5...N.....[.Vf".3<g.}..I..I.X..C....6c..u.7kt....!...D...2v{.\....vuq.wK...n.R.R.b?H..ZtEc.-....b:M.$6 ....*......;x.v....).DVzd.Z...O..;.2.T.&..M7.it.u.6..RV..)*L.&'..)...9.4E-UR....5LW.Uz.V...I.P..jU..1..&.......M....L.q...5...56$.R=k{.4.N.....Q1..X...jU....>....fxEx....V|......X...B....ZE=...K...".

                                                                                                                                                                                                        Chrome Cache Entry: 946

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:Web Open Font Format (Version 2), TrueType, length 21464, version 1.0
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):21464
                                                                                                                                                                                                        Entropy (8bit):7.991635778215233
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:384:kNMw20ZcZdIR049weTGXkBXju/W4irYjhPC09oOtbMDa9HVZycTvwxNTGup:UaxmXXSdiQPCjMvyugNiup
                                                                                                                                                                                                        MD5:923A543CC619EA568F91B723D9FB1EF0
                                                                                                                                                                                                        SHA1:6F4ADE25559645C741D7327C6E16521E43D7E1F9
                                                                                                                                                                                                        SHA-256:BF7344209EDB1BE5A2886C425CF6334A102D76CBEA1471FD50171E2EE92877CD
                                                                                                                                                                                                        SHA-512:A4153751761CD67465374828B0514D7773B8C4ED37779D1ECFD4F19BE4FAA171585C8EE0B4DB59B556399D5D2B9809BA87E04D4715E9D090E1F488D02219D555
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
                                                                                                                                                                                                        Preview:wOF2......S...........St.............................*....`..~..<..u.....H........6.$..|. ..r..K..........V...@yF#b...>.[<;P..@*.....OINd(...T...C..T.w.s.b..$.....6+. ....R8E$..o..f."MD.@T"...fH..fX..O....AA..F*....+v.Q(KpXF..U"..x@...3|l..E..<.O..~..5M}.".q.#Y9....c.o.s...M.Cr..Dt.,..CtI.O..{D......H..*.+>*K..:.Y..-.l.v......'.....^.Y.k..E..c..~..S..P0.@.....<.!(.P.u.g.2....y..y..Z...v.^..lu.dC.a..o....{.o....h3A.K.I..-.O,..}.c>....Q1]....($..........s..b.X..........CJ.+..4.gE4T.S.*{g......(^...bA,...~..R..p...<G."..y.G...k..*'...i.u....I..S....\.......e$..m.2...{K........V......{me.%.}...P3...{.T..i..Av...K..g.... ...R..n..{m....t@Z....1A.H.2...^..R5)..4}..(...T......=...Pg...Y....y..e.$...]U..0.....8..Fs.(..O.....&..f,g..5..1.yo9..:cy...e..A.......i...i...G..4`)..#j.<+..{ai..[..[~.(,......X......3.f.m+3...B......_D.F.X.i.Y#.X......}_.d..`.i..i......T...7v..A.......?..c..~..g..w.D.H)%..B.!.......:.....ZE{........m.FN.....k...0.X...

                                                                                                                                                                                                        Chrome Cache Entry: 947

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4850)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):101812
                                                                                                                                                                                                        Entropy (8bit):5.456445685313362
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:nTZPXcX3Z5iHe5yZJGRsJHrVKDnPYCrkuWZ24j:nTlXS3Z5SekZcsJHrVKDb4uWZ24j
                                                                                                                                                                                                        MD5:AE18CD1F4E04C4C94B2C1490FC9C190C
                                                                                                                                                                                                        SHA1:ACB5D07EC9E3033067B7EF452DD7546F350240F0
                                                                                                                                                                                                        SHA-256:5329EB856287B8BEE65911EB4E1FE193BF2A6A91354D4326917D3AC9A680386E
                                                                                                                                                                                                        SHA-512:33DF4B968667BC063BBF60A2C85947D33893750ED6A2F3975CE0203886D61F251C273ADE025BDFCFCB395B0CDAF693A7A11588EA1BEA2A6E7E11D03782374C75
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3icUr4/yA/l/en_US/rcl0D4zaUuw.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("TahoeTypedLogger",["Banzai","GeneratedLoggerUtils"],(function(a,b,c,d,e,f){"use strict";a=function(){function a(){this.$1={}}var c=a.prototype;c.log=function(a){b("GeneratedLoggerUtils").log("logger:TahoeLoggerConfig",this.$1,b("Banzai").BASIC,a)};c.logVital=function(a){b("GeneratedLoggerUtils").log("logger:TahoeLoggerConfig",this.$1,b("Banzai").VITAL,a)};c.logImmediately=function(a){b("GeneratedLoggerUtils").log("logger:TahoeLoggerConfig",this.$1,{signal:!0},a)};c.clear=function(){this.$1={};return this};c.getData=function(){return babelHelpers["extends"]({},this.$1)};c.updateData=function(a){this.$1=babelHelpers["extends"]({},this.$1,a);return this};c.setChainDepth=function(a){this.$1.chain_depth=a;return this};c.setChainingContextIdentifier=function(a){this.$1.chaining_context_identifier=a;return this};c.setEvent=function(a){this.$1.event=a;return this};c.setIsAutoplaying=function(a){this.$1.is_autoplaying=a;return this};c.setMediaID=function(a){this.$1.media

                                                                                                                                                                                                        Chrome Cache Entry: 948

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:PNG image data, 189 x 181, 8-bit colormap, non-interlaced
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):7289
                                                                                                                                                                                                        Entropy (8bit):7.85997289674361
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:lCRDz8VAQEISzCSFRqJwUaAJN7VK97XN+3xii36e:lUq4IeJUN5K97NgN36e
                                                                                                                                                                                                        MD5:E8D1B4455B9ED73DABB444AF813E0FD7
                                                                                                                                                                                                        SHA1:FD99452B6FAD2E0D3C39FF17787A1849D3BB3CB7
                                                                                                                                                                                                        SHA-256:B6D482EC59580B5BF80DAEC00E55656212867ACB26F09A0BB6173AFA3C45C4DC
                                                                                                                                                                                                        SHA-512:4B7F5E5F9AC922A3EA337E3C50A2487BE41189AE92D3CA299E702815A7882116F07B8E9EAAB812C4A9986EA0186264A6613D531189438FF105458188FB323A9F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3/yd/r/WfXPMghq_2a.png
                                                                                                                                                                                                        Preview:.PNG........IHDR.............=Z.o....PLTEGpL...........................................................................................................................................................................................................................................................................................x..........5@T................................................(((.............................................................v.............................w..........................w......................................x............................... ...v..w...................................................................................w..w..w..w...........v.................x..x..w..............w..w..y..v.................w..v..w..v..w.....w..w..w..w........w............./..q....tRNS........>..........H.8Z......f...0.d..p$.P...~..v..*M....^.,.TF&6.....kB~a.\:.......xrz..,.?"....<.J..5......@. .mW..~..........J..2.P.z.4s....@1......Xa(...hF.R...e.

                                                                                                                                                                                                        Chrome Cache Entry: 949

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1527)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):14991
                                                                                                                                                                                                        Entropy (8bit):5.444433315291858
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:ZlS0EjmIMEsYGWLoJo2QFKfnuRBwgm8g0S94dMJ9jH5f/GfAg8NI:U7XxLWzQFK/mWg7g0XE3g
                                                                                                                                                                                                        MD5:FDC9B5A35CD74FFF3EA372B1A0027A72
                                                                                                                                                                                                        SHA1:F1E0E8E7924716986E31BF52B3FCA9FB0B781638
                                                                                                                                                                                                        SHA-256:987EB7DEB2211F6BCB391972114E1C5EE71799B5086F53F1125883F18DCF6CBF
                                                                                                                                                                                                        SHA-512:F19535F91DE11CAB1AE3D6ACED695A372F23D96941A58BE0CB68F64C8AE901928158BCFC812F21A1F3D7E3CA1FE8892E24A4AD3F4F1A5AFABA6A0555B145E7CE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/s/desktop/87423d78/jsbin/network.vflset/network.js
                                                                                                                                                                                                        Preview:(function(){function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var l="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof n&&n];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var p=ba(this);function r(a,b){if(b)a:{var c=p;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&l(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,h){this.g=f;l(this,"description",{configurable:!0,writable:!0,value:h})}if(a)return a;c.prototype.toS

                                                                                                                                                                                                        Chrome Cache Entry: 950

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (574)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):3448
                                                                                                                                                                                                        Entropy (8bit):5.484698692620344
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:o4Mjf+vi2hHGMmBUJFXtDaD6U81+K/tmbwTnw:0jf4fJLMhkdlah
                                                                                                                                                                                                        MD5:C01A82AB927B56E6B5FA01F6CB78D8F7
                                                                                                                                                                                                        SHA1:7C612A2A522DDD882C1DE037C38CFD0D05F6272D
                                                                                                                                                                                                        SHA-256:11DB1E8D29DE3DA2678D53580C87CF5B9874BF842B7919861DE31FB1ECCA18E5
                                                                                                                                                                                                        SHA-512:BE4366035AC2A2764A4557D4011EEBB5A339FA7C2214322F0293D516ACAD2E12CA4E9B6752B0CCE7D1581A17362835AA811EE7D8261D38204383736E1C9C49BB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,XiNDcc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,iAskyc,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,ziXSP,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("Wt6vjf");.var lsa=function(){var a=_.Pd();return _.Hi(a,1)};var qq=function(a){this.Ga=_.t(a,0,qq.messageId)};_.B(qq,_.v);qq.prototype.Ja=function(){return _.gi(this,1)};qq.prototype.Wa=function(a){return _.Pi(this,1,a)};qq.messageId="f.bo";var rq=function(){_.Lk.call(this)};_.B(rq,_.Lk);rq.prototype.Tc=function(){this.yO=!1;msa(this);_.Lk.prototype.Tc.call(this)};rq.prototype.aa=function(){nsa(this);if(this.Ez)return osa(this),!1;if(!this.EQ)return sq(this),!0;this.dispatchEvent("p");if(!this.aK)return sq(this),!0;this.NH?(this.dispatchEvent("r"),sq(this)):osa(this);return!1};.var psa=function(a){var b=new _.En(a.I_);null!=a.kL&&b.aa("authuser",a.kL);return b},osa=function(a){a.Ez=!0;var b=psa(a),c="rt=r&f_uid="+_.Rg(a.aK);_.jl(b,(0,_.sf)(a.ea,a),"POST",c)};.rq.prototype.ea=function(a){a=a.target;nsa(this);if(_.ml(a)){this.JF=0;if(this.NH)this.Ez=!1,this.dispatchEvent("

                                                                                                                                                                                                        Chrome Cache Entry: 951

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4199)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):19218
                                                                                                                                                                                                        Entropy (8bit):5.386483333795039
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:audfEIMCVf6W/vtvayL5sDU/SkZKjAUpSiLw9UpYCjIgk9uzBi:ffL6W/vtvawsY/8suSr9UpYCjIgk9uFi
                                                                                                                                                                                                        MD5:C8734A39BAC01098267A643B9D728D22
                                                                                                                                                                                                        SHA1:33964CFF7039C268CA4432FC3F69A2B096D09D7A
                                                                                                                                                                                                        SHA-256:505708C0E484FFF76A2CE4C98F2923DF33AB6D1F6DBCBFAB2AA083F46D78C7B6
                                                                                                                                                                                                        SHA-512:18EC4598C30BFA490DBCAE1B73D2E451CD7853458CDD0B7E0473B91F0FA5F6E8E02FA2C504F2D99B4221C0D80170005FDFA3CA3EBFA4DC38EABDC68FDB543DCD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.Ou=function(a){this.Ga=_.t(a)};_.B(_.Ou,_.v);_.Pu=function(a,b){return _.gd(a,3,b,_.sc)};_.Ou.Fb=[1,2,3,4];.var ABa=_.da.URL,BBa,CBa,EBa,DBa;try{new ABa("http://example.com"),BBa=!0}catch(a){BBa=!1}CBa=BBa;.EBa=function(a){var b=_.hh("A");try{_.Zd(b,_.Td(a));var c=b.protocol}catch(e){throw Error("cc`"+a);}if(""===c||":"===c||":"!=c[c.length-1])throw Error("cc`"+a);if(!DBa.has(c))throw Error("cc`"+a);if(!b.hostname)throw Error("cc`"+a);var d=b.href;a={href:d,protocol:b.protocol,username:"",password:"",hostname:b.hostname,pathname:"/"+b.pathname,search:b.search,hash:b.hash,toString:function(){return d}};DBa.get(b.protocol)===b.port?(a.host=a.hostname,a.port="",a.origin=a.protocol+"//"+a.hostname):(a.host=.b.host,a.port=b.port,a.origin=a.protocol+"//"+a.hostname+":"+a.port);return a};._.FBa=function(a){if(CBa){try{var b=new ABa(a)}catch(d){throw Error("cc`"+a);}var c=DBa.get(b

                                                                                                                                                                                                        Chrome Cache Entry: 952

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 228x361, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):16966
                                                                                                                                                                                                        Entropy (8bit):7.955431265433987
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:6wI4X7/CigIoMwiEtzvO39iQc4HN2nwh1W1Aw8ZC3r2VUanEVu6NfWjXhNQVEkbl:6wRbg9P4tEwe2wdKVPnBjXxOTKSWGGne
                                                                                                                                                                                                        MD5:7825534125602242A9D2690100CF8CF3
                                                                                                                                                                                                        SHA1:E44A5C5DC2FE07BCAB01BC59367D7F369B81452B
                                                                                                                                                                                                        SHA-256:D5E71E3C4E7A30DDA8EA1AF3920E54F7E8D17D9444310F42A92295EF09CCC0BF
                                                                                                                                                                                                        SHA-512:FCDBCC8F6ED558A138483809924920AF544CA2FEED29D8A107A089D33018EAD582F9F1B0CB4D211AD80337F37C274F704F16E407814A947DA0618AAD2EA46764
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/423720332_739181998181785_4082571912085584807_n.jpg?stp=dst-jpg_p228x119&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=E7sjfPEhw0YAX_kLF2D&_nc_ht=scontent-lga3-2.xx&oh=00_AfDRYRtfZzuVxTEcKeP_K7xPX53zOa7wp_6EP2r5gN2gKw&oe=65DB39DB
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a7001000003070000d810000037120000eb130000ed1b000040290000772a0000fa2b0000a72d000046420000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......i...."................................................................................2..m..s.&.14...^...SWym.)3......r=(u...K..B...2..5&.&..i-$U-.g\...H8}ew<.X..c..W4.5.*....../C.g.....^.Wy...~.kK.Sp*..:...}QV.=...AN....=...5.a..h.....j....../c-..s.-T=Tt./s.26$i......2......PN.y.ZR...k4..s...s..=s..........3.G.9+YQ.e^.CW..9....3a....-T...A.f.....>&.+.r....kek.m.|..z..4....}.ts..<.%b2.+.r....y.t.yG|......>..GA.c....1.\.....I..p.../..z..S..$l..S._..........5.[.....k..Y..y...U..3F...*.O....2..s..7......&.-J@..yK.:I...M.R...x.z......G.....$.H....:...l....`Y.k..t.N.j#f..=..h.k&.Y.6./f....I..L...7@T.../_,.fB..dM.v...[.9MvT1.}R.^_Y>.....l.>fmu..&.B<x#..)U.....S....

                                                                                                                                                                                                        Chrome Cache Entry: 953

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2360)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):218409
                                                                                                                                                                                                        Entropy (8bit):5.457584780104673
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:Vmgr4xMzGg6HZWP0A7kNA5mz6iE80+7x6oSdw4nhPaJRCdae4pl:sgM6qgHP17oV7xBCAeKl
                                                                                                                                                                                                        MD5:02576C95C19ACB48ADAF9305DCB72B80
                                                                                                                                                                                                        SHA1:D3063E2F83F50ACB75B56C9395863D1A8F956749
                                                                                                                                                                                                        SHA-256:E2599B9FA985E9D76D458B4F71B451956B86F7858BFC15DBD233902201C1F1A9
                                                                                                                                                                                                        SHA-512:A5E31DBCAD5F186A451856C0A3215D6F7D69DE783E7B899CE3572062B15664110D9ADCAB085126BE6BA71B164961FBC5BC28879DCB024A173715FD3296F3183B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/am=P2CJhmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlFDOtZOCEsISxnbv91FcSS8ccV5Hw/m=_b,_tp"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){("undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x689603f, 0x1040058e, 0x27396998, 0x1c9c67bf, 0x18, 0x0, 0x1ac000, 0x3b, ]);./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2013 Google LLC.. SPDX-License-Identifier: Apache-2.0.*/.var baa,daa,Ra,haa,Za,bb,cb,db,eb,iaa,fb,lb,jaa,kaa,pb,naa,paa,Eb,qaa,taa,vaa,Pb,Sb,zaa,Zb,Daa,Haa,Iaa,mc,Jaa,Maa,Naa,Paa,Qaa,Raa,Saa,Wc,Vaa,Uaa,Waa,dd,bd,Xaa,ed,Zaa,hd,nd,$aa,aba,xd,wd,gd,Sd,hba,jba,kba,lba,nba,oba,Od,qe,re,Ae,Eba,Ne,Gba,Oe,Hba,Jba,Lba,Pba,Qba,Rba,Sba,Vba,Xba,aca,bca,fca,pca,lca,rca,tca,uca,vca,yca,Aca,Dca,Eca,Fca,Gca,Hca,Kca,Nf,Lca,Mca,Oca,Sca,Tca,aaa,Uca,ag,Vca,cg,Wca,Xca,fg,Zca,hg,fda,jda,ida,qg,lda;_.aa=function(a){retur

                                                                                                                                                                                                        Chrome Cache Entry: 954

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):42
                                                                                                                                                                                                        Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                        MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                        SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                        SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                        SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.youtube.com/pcs/activeview?xai=AKAOjsusNiR-qhpdEttXgp3EF08jcIcCCs1lrylg9Jp1zB63Gjbf01MYofI9cHZYxFUf4JO_EbJhno5FjaLGuYHai1pWpsgE9ywyJUVhGb9wHszGRoSGXMXCIOYRq6brTOPf5z_zwe5eytgOuBd-jZU&sig=Cg0ArKJSzPWcB1ACHsgdEAE&ad_cpn=[AD_CPN]&acvw=id%3Dlidartos%26mcvt%3D0%26p%3D0,0,0,0%26mtos%3D0,0,0,0,0%26tos%3D0,0,0,0,0%26v%3D20240216%26bin%3D17%26avms%3Dnio%26bs%3D1264,907%26mc%3D0%26rs%3D17%26la%3D0%26vs%3D3%26r%3Db%26pv%3D0%26epv%3D0%26pbe%3D0%26vae%3D0%26spb%3D0%26io2%3D0&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0%3D"
                                                                                                                                                                                                        Preview:GIF89a.............!.......,...........D.;

                                                                                                                                                                                                        Chrome Cache Entry: 955

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1631)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):38674
                                                                                                                                                                                                        Entropy (8bit):5.373344735979869
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:AOZQqlnxITA3+sypwDMBub/6rur81gE0idWSBiHLztbyHgNkmtCgs+FwtNmle:efY+3g/br8qaWSBiHLRGHEbtCgKJ
                                                                                                                                                                                                        MD5:9FB0BDB3A292F495914A785280685816
                                                                                                                                                                                                        SHA1:2FBAC1566F42B41D336C3CEF46085A8ABA5291F4
                                                                                                                                                                                                        SHA-256:8B94EC92B902A78BB5DCF8A9A5CF00B3F693738608FE110FF77A2E90FA62AA09
                                                                                                                                                                                                        SHA-512:94E76518978E828E0EAA8B95C807E55DBF4E0EBA201FF5057906482AD5F57D2D2A6BA98F0EE16476688E3B5013525D06EAED692C6B795DAAE635F67B8CD100F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.moa=function(a){var b=0,c;for(c in a)b++;return b};_.noa=function(a){return a.Vg&&"function"==typeof a.Vg?a.Vg():_.ka(a)||"string"===typeof a?a.length:_.moa(a)};_.vn=function(a){if(a.Mg&&"function"==typeof a.Mg)return a.Mg();if("undefined"!==typeof Map&&a instanceof Map||"undefined"!==typeof Set&&a instanceof Set)return Array.from(a.values());if("string"===typeof a)return a.split("");if(_.ka(a)){for(var b=[],c=a.length,d=0;d<c;d++)b.push(a[d]);return b}return _.yb(a)};._.ooa=function(a){if(a.Lg&&"function"==typeof a.Lg)return a.Lg();if(!a.Mg||"function"!=typeof a.Mg){if("undefined"!==typeof Map&&a instanceof Map)return Array.from(a.keys());if(!("undefined"!==typeof Set&&a instanceof Set)){if(_.ka(a)||"string"===typeof a){var b=[];a=a.length;for(var c=0;c<a;c++)b.push(c);return b}return _.zb(a)}}};.var poa,soa,roa,qoa,Ln,Nn,Eoa,voa,xoa,woa,Aoa,yoa;poa=function(a,b,c){if(b)re

                                                                                                                                                                                                        Chrome Cache Entry: 957

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (516)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):9642
                                                                                                                                                                                                        Entropy (8bit):5.435855411923511
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:flejPRjM65ile/Q0Y5CaNLMASVZkXK7aACjbN9LDXxdZ7G92tXL74dESC:1oURjwgXK7aAq9LDXxdZ7G0tXL74dESC
                                                                                                                                                                                                        MD5:DAC3D45D4CE59D457459A8DBFCD30232
                                                                                                                                                                                                        SHA1:946DD6B08EB3CF2D063410F9EF2636D648DDB747
                                                                                                                                                                                                        SHA-256:58AE013B8E95B7667124263F632B49A10ACF7DA2889547F2D9E4B279708A29F0
                                                                                                                                                                                                        SHA-512:4F190CE27669725DAC9CF944EAFED150E16B5F9C1E16A0BBF715DE67B9B5A44369C4835DA36E37B2786AAF38103FDC1F7DE3F60D0DC50163F2528D514EBE2243
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/s/desktop/87423d78/jsbin/scheduler.vflset/scheduler.js
                                                                                                                                                                                                        Preview:(function(){'use strict';var g;function h(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}.var k="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function aa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}.var l=aa(this);function m(a,b){if(b)a:{var c=l;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&k(c,a,{configurable:!0,writable:!0,value:b})}}.m("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}.function c(f,y){this.g=f;k(this,"description",{configurable:!0,writable:!0,value:y}

                                                                                                                                                                                                        Chrome Cache Entry: 958

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):2002
                                                                                                                                                                                                        Entropy (8bit):7.325460687486115
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:gF0NiWhLM36ljYwO9sa+BzNi848Sx1+mgjvD3FZdbsWTUNKMqI:K0ZLMqxgS5NqRxdgvFZJsWQr9
                                                                                                                                                                                                        MD5:FCBEFE46D5FB67A0E792F19A1B7622F3
                                                                                                                                                                                                        SHA1:B8724F4B8FDA5AE90B113F905152DCB01345E0A6
                                                                                                                                                                                                        SHA-256:FC12E01DA22E0EE34A6B7271C8C491564A8245EEDDDCC6505F235CE2E961C98C
                                                                                                                                                                                                        SHA-512:7A06EA2D01C15784763ABCDD0ABD9C6EA263334454DFBD252C5B4C11C68A9E268296496CC337FF014ED9C27845C552C95BADB2A4EE2D48AD6F7B6C5180E39888
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/343964824_577764657513215_2206716798952773362_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=596444&_nc_ohc=eEc7pUa2Hh0AX_1zfSl&_nc_ht=scontent-lga3-2.xx&oh=00_AfAX7KbBkG_NTnesPo4Lt9ldctCJklqtMnvdwHX5Snth7w&oe=65DBA066
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6e010000ea010000ae02000009030000630300005d0400005905000097050000fc0500004b060000d2070000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."................................................................................E}......_.#..W;...V.CW..{...6C.g.sU.PJ.....y.P*........L!u..=.......#.............................!"12............LQa..I...em...[.....,..m.....kY-......0.A1EF.....O..>.[Z.L,u.S.1b.@1...IR19i..|,q.2Q..t}.5N.5.R..3..M.T.5...k]|..i...........J.*.#..#......%........................!Q..#234Aq.........?...%..*.....V...Ur.....8.......9.#.....T........."........................1.!"23Qq........?...".ad...H|....S0...j.......x....,.......................!"1ABQa..2q..3.............?......(..Nv.B..;e...V..(*....j.u..7@....s.h.1...?..#. .sv.K\<..N.N....L7.$.w<...:..j..8..vZ......M...UN.....[Y.,Dxz...~

                                                                                                                                                                                                        Chrome Cache Entry: 959

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (7566)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):38752
                                                                                                                                                                                                        Entropy (8bit):6.109886396926918
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:VGnVCFqwivkN5LabUnoX2lVCFqwivk2JibRlU75mMhq:gniqaLeUoYiqGbomMk
                                                                                                                                                                                                        MD5:F5629C31BCA5301AB5980247EFFEF360
                                                                                                                                                                                                        SHA1:F61DB978AA8C26A7001DF3F7600515B9F07F5231
                                                                                                                                                                                                        SHA-256:C852B1105EB000028E9B27677996F8D4773DAA31FA1AAF663CB6AE3A6857A50A
                                                                                                                                                                                                        SHA-512:FC5C31A413C1A48664E3501725AF3B94965C44FD71D0763EE78D57ABA9216FF9D45A0AD279BB9695A25BDCAAD2AFEE7B627BB0FB83801EE85A2FC100B966CA02
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.licdn.com/sc/h/eizi98w8jy0kml1jye1rlnpsw
                                                                                                                                                                                                        Preview:!function(y,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((y=y||self).AppleID={})}(this,function(y){function t(a,b,c){return b in a?Object.defineProperty(a,b,{value:c,enumerable:!0,configurable:!0,writable:!0}):a[b]=c,a}var M,N=function(a,b){var c="string"==typeof a?document.getElementById(a):a;if(null!==c)return c.innerHTML=b,c},p=function(a,b){var c=2<arguments.length&&void 0!==arguments[2]?arguments[2]:"";("string"==.typeof b||"[object Array]"===Object.prototype.toString.call(b))&&(c=b,b={});c||(c="");var d="",f;for(f in b)void 0!==b[f]&&b.hasOwnProperty(f)&&(d+=" "+f+'\x3d"'+b[f]+'"');return"[object Array]"===Object.prototype.toString.call(c)&&(c=c.join("")),"\x3c"+a+d+"\x3e"+c+"\x3c/"+a+"\x3e"},q=function(a){var b="",c;for(c in a)a[c]&&a.hasOwnProperty(c)&&(b+=" "+c+": "+a[c]+";");return b},h=function(a){return"number"!=typeof a||isNaN(a)?"100%":Math.floor(a)+"px"},O=function(a){var b=a.color,c=a.bo

                                                                                                                                                                                                        Chrome Cache Entry: 960

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (663)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):3238
                                                                                                                                                                                                        Entropy (8bit):5.387809520815037
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:o7BOsUSmiHXpkgcKmdNQ8jsetptY2PfygpcaNQJpSN9KI9hGKb1iqyBKAErw:oE07udO2F5caNQJwN9KAuezw
                                                                                                                                                                                                        MD5:6B5509EDF491407D765B9248417B3F68
                                                                                                                                                                                                        SHA1:5380993E0C0CFA67982B78BD17E283625EE0E77A
                                                                                                                                                                                                        SHA-256:F9D2DB8058E0E3CCBEA9FEA1551EE4D9ECFDBD010E10A9922B9389CCD2F13F31
                                                                                                                                                                                                        SHA-512:EE9962EA56BE934771649D7157CD7D86933EF07C3813D5C5C962E2D3F5DC53D9F6502D9B2BE24B389E7CB48BF458E8A7E5962BC1FCF283381507724FFCC60989
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ZwDk9d");.var $v=function(a){_.I.call(this,a.Ha)};_.B($v,_.I);$v.Oa=_.I.Oa;$v.Ba=_.I.Ba;$v.prototype.YM=function(a){return _.se(this,{Xa:{eO:_.Hj}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.uh(function(e){window._wjdc=function(f){d(f);e(BDa(f,b,a))}}):BDa(c,b,a)})};var BDa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.eO.YM(c)};.$v.prototype.aa=function(a,b){var c=_.Xra(b).Xg;if(c.startsWith("$")){var d=_.em.get(a);_.Vp[b]&&(d||(d={},_.em.set(a,d)),d[c]=_.Vp[b],delete _.Vp[b],_.Wp--);if(d)if(a=d[c])b=_.re(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.Lq(_.jda,$v);._.l();._.k("SNUn3");._.ADa=new _.qk(_.vf);._.l();._.k("RMhBfe");.var CDa=function(a,b){a=_.rqa(a,b);return 0==a.length?null:a[0].tb},DDa=function(){return Object.values(_.So).reduce(function(a,b){return a+Object.keys(b).length},0)},EDa=function(){return Object.entries(_

                                                                                                                                                                                                        Chrome Cache Entry: 961

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1631)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):38504
                                                                                                                                                                                                        Entropy (8bit):5.380911353336594
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:VkzC7vRxeiGDTwuMgroW6Cz7WRisKjcfqaCTCEUnqRkumnntnVT:bTeTgWJ7WqcfqaCTChqXGP
                                                                                                                                                                                                        MD5:556588515D19D3F4678C16D0BB8DB99B
                                                                                                                                                                                                        SHA1:E6887B21F0E68669311C70BF00250E55F6F6F029
                                                                                                                                                                                                        SHA-256:994A75AF5B582099104F446BA121F0D315B47329B541600003D45C318C1280B8
                                                                                                                                                                                                        SHA-512:5A7F9C2A3D1E6A46495A44C9EF5E85D3D154A197545FFCC0CA6C9C4FD14CD954BCC8D337B7D11EC041F839ED75564B15E9274E44CFD1EFCA39D3015EA090AF09
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.Doa=function(a){var b=0,c;for(c in a)b++;return b};_.Eoa=function(a){return a.Vg&&"function"==typeof a.Vg?a.Vg():_.ja(a)||"string"===typeof a?a.length:_.Doa(a)};_.Vn=function(a){if(a.Mg&&"function"==typeof a.Mg)return a.Mg();if("undefined"!==typeof Map&&a instanceof Map||"undefined"!==typeof Set&&a instanceof Set)return Array.from(a.values());if("string"===typeof a)return a.split("");if(_.ja(a)){for(var b=[],c=a.length,d=0;d<c;d++)b.push(a[d]);return b}return _.yb(a)};._.Foa=function(a){if(a.Lg&&"function"==typeof a.Lg)return a.Lg();if(!a.Mg||"function"!=typeof a.Mg){if("undefined"!==typeof Map&&a instanceof Map)return Array.from(a.keys());if(!("undefined"!==typeof Set&&a instanceof Set)){if(_.ja(a)||"string"===typeof a){var b=[];a=a.length;for(var c=0;c<a;c++)b.push(c);return b}return _.Ab(a)}}};.var Goa,Joa,Ioa,Hoa,lo,no,Voa,Moa,Ooa,Noa,Roa,Poa;Goa=function(a,b,c){if(b)re

                                                                                                                                                                                                        Chrome Cache Entry: 962

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (16331)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):738838
                                                                                                                                                                                                        Entropy (8bit):5.72730112663479
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:ak162hzLiYeWJrJdH+ArOzIzLu9D4foBC1QVziBTJIK5+MHJw:akvtL48dtoBXVzixZpw
                                                                                                                                                                                                        MD5:967CA4800E9DA13F9B910A870450F28E
                                                                                                                                                                                                        SHA1:799A227041FB696A1465AA8EF41A7C88156D0C4C
                                                                                                                                                                                                        SHA-256:DD7169B02CC269030C9B3D95DC0B83F01234A6431886269EC2447EBD7C43F792
                                                                                                                                                                                                        SHA-512:7ECF38D4245E8D908605F0AD4F895F6A53C02405F68E9E7C313A930ACBD0575BBB2A0F7661BDFA6FFBCA1D73940995F11176A143729E231B25135A350024A6C9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,STuCOe,njlZCf,fJpY1b,b3kMqb,EGw7Od,ZUKRxc,my67ye,t2srLd,EN3i8d,hmHrle,mWLH9d,NOeYWe,O6y8ed,fqEYIb,PrPYRd,MpJwZc,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,lwddkf,SpsfSb,fFzhe,tUnxGc,aW3pY,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,xBaz7b,eVCnO,LDQI"
                                                                                                                                                                                                        Preview:"use strict";_F_installCss(".O0WRkf{-webkit-user-select:none;transition:background .2s .1s;border:0;border-radius:3px;cursor:pointer;display:inline-block;font-size:14px;font-weight:500;min-width:4em;outline:none;overflow:hidden;position:relative;text-align:center;text-transform:uppercase;-webkit-tap-highlight-color:transparent;z-index:0}.A9jyad{font-size:13px;line-height:16px}.zZhnYe{transition:box-shadow .28s cubic-bezier(0.4,0,0.2,1);background:#dfdfdf;box-shadow:0px 2px 2px 0px rgba(0,0,0,.14),0px 3px 1px -2px rgba(0,0,0,.12),0px 1px 5px 0px rgba(0,0,0,.2)}.zZhnYe.qs41qe{transition:box-shadow .28s cubic-bezier(0.4,0,0.2,1);transition:background .8s;box-shadow:0px 8px 10px 1px rgba(0,0,0,.14),0px 3px 14px 2px rgba(0,0,0,.12),0px 5px 5px -3px rgba(0,0,0,.2)}.e3Duub,.e3Duub a,.e3Duub a:hover,.e3Duub a:link,.e3Duub a:visited{background:#4285f4;color:#fff}.HQ8yf,.HQ8yf a{color:#4285f4}.UxubU,.UxubU a{color:#fff}.ZFr60d{position:absolute;top:0;right:0;bottom:0;left:0;background-color:tran

                                                                                                                                                                                                        Chrome Cache Entry: 963

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:Web Open Font Format (Version 2), TrueType, length 21700, version 1.0
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):21700
                                                                                                                                                                                                        Entropy (8bit):7.989666631701204
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:PxbG/ZciREUTWlMwbptJm5f9/1HuLZ4r38bxSpfGL/+SHA+ilQlO3fq8O/4s:5bfiBWlRPm5fjrruYJGTiqlO3fo/p
                                                                                                                                                                                                        MD5:7D75A9EB3B38B5DD04B8A7CE4F1B87CC
                                                                                                                                                                                                        SHA1:68F598C84936C9720C5FFD6685294F5C94000DFF
                                                                                                                                                                                                        SHA-256:6C24799E77B963B00401713A1DBD9CBA3A00249B9363E2C194D01B13B8CDB3D7
                                                                                                                                                                                                        SHA-512:CF0488C34A1AF36B1BB854DEA2DECFC8394F47831B1670CAB3EED8291B61188484CC8AB0A726A524ECDD20B71D291BCCCBC2CE999FD91662ACA63D2D22ED0D9F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
                                                                                                                                                                                                        Preview:wOF2......T...........T_..........................4..*....`..~..d..u.....,..$.....6.$..|. ..V..K..^.=...sp.f.m../....l\.....T.9.n..A...........2x.{P[V..v%..M...f.7..+c.cM.'...$..u.H4[?i.'..T..+.(...L...inV.@.dd....T.. }b...c.ghRA..I$.su.....`....Q.OB..S.{.#.3..o.{v.........n...]f#b.J_.......}# ..1... F........=?O.|._p........X.6.VQ.*.E..rU...}....dK.$...0.W..2i..Y...9.Y.............f{..6'....C:%.(........}.....W..._....k...|.........Y8./..e..........L......_.9..v...2F..$..y)....UWu_..T.]qE.H.b..OP...B@.4.!,F..._............z.3.*.A,h.M.(...6~_[U$.....uM2.*..qz.v.........hV\|?.......M-.h..by.A,.}.....?...52.g.,....<..s..k....h.U.]1.1..O......m......j...}6.j.v.a..R....Fj...).fO3........GSM....... ...GL..({A....$O..&'..\....:.x....{N.p8..q..iF..k...b.>....<..M..`.....d.I.5... .x...mo.L.?A(..F }./.._V.e.A.Z3.....C...h...f......(,..3....%.h'.?sG..&x..W.......b].'34.S#s...wiG.O....J.ADDDDBw.m;.....K.ti).....?.6.\.M..d.....[.z....4..D.b...6..F.....F..D.r

                                                                                                                                                                                                        Chrome Cache Entry: 964

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (19354)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1222477
                                                                                                                                                                                                        Entropy (8bit):5.4643266472857155
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:5AL9fLzt98Nb0yfV4Ttflp53hQeODbAOAEJHGXlbyC5Z7gZ5dnXnNfM7clj75YDg:yRxyfEt9XS/DpJmXhyCT7anXnNpV4MG0
                                                                                                                                                                                                        MD5:1FD6F086EC8B78436EC1463B780D9F47
                                                                                                                                                                                                        SHA1:30F0B9E8A51E57F84FAA9A01EEED96A3C57C5E75
                                                                                                                                                                                                        SHA-256:2C96233A239E7071BCAC25C4285D2DF1DFA30AC9F1E6A7CF6CA37832B85E78C3
                                                                                                                                                                                                        SHA-512:E53E3A8AEC8106BEC73FD4BE97D1CD7FB4A10C503852E8B744F62FF93FBB3A71B58F20CFA9DED7F177AF8CF558A9D6C3E45240041EC8FD5E59FC43EBE103CB42
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3iwSC4/yd/l/en_US/YZaBrTjfx7q.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("CometStyleXDarkTheme",[],(function(a,b,c,d,e,f){e.exports={"fds-black":"black","fds-black-alpha-05":"rgba(0, 0, 0, 0.05)","fds-black-alpha-10":"rgba(0, 0, 0, 0.1)","fds-black-alpha-15":"rgba(0, 0, 0, 0.15)","fds-black-alpha-20":"rgba(0, 0, 0, 0.2)","fds-black-alpha-30":"rgba(0, 0, 0, 0.3)","fds-black-alpha-40":"rgba(0, 0, 0, 0.4)","fds-black-alpha-50":"rgba(0, 0, 0, 0.5)","fds-black-alpha-60":"rgba(0, 0, 0, 0.6)","fds-black-alpha-80":"rgba(0, 0, 0, 0.8)","fds-blue-05":"black","fds-blue-30":"black","fds-blue-40":"black","fds-blue-60":"black","fds-blue-70":"black","fds-blue-80":"black","fds-button-text":"black","fds-comment-background":"black","fds-dark-mode-gray-35":"black","fds-dark-mode-gray-50":"black","fds-dark-mode-gray-70":"black","fds-dark-mode-gray-80":"black","fds-dark-mode-gray-90":"black","fds-dark-mode-gray-100":"black","fds-gray-00":"black","fds-gray-05":"black","fds-gray-10":"black","fds-gray-20":"black","fds-gray-25":"black","fds-gray-30":"black","

                                                                                                                                                                                                        Chrome Cache Entry: 965

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4199)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):19218
                                                                                                                                                                                                        Entropy (8bit):5.393979167052038
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:DrBIgKlku0Cq8r9x86SGek2bwsTkvI0KY+woMKWU3ve9RiA:DrO/0CqE9OKA0iwoMKWU3ve6A
                                                                                                                                                                                                        MD5:200150E3FBC950B281221857722E041D
                                                                                                                                                                                                        SHA1:9FE484AFC3E7BE9979E17CC803B4FADC5B89F4E6
                                                                                                                                                                                                        SHA-256:03E61B67559CAC7B1FC5749C196820B0246255BC00B026F3738ED90CA1E646EA
                                                                                                                                                                                                        SHA-512:5F304309F6E1DF1E8FA46E5DD506D1D838CA109DB01A371329899835946EDB1357C07F11A6AC81D087144EDDD096405A7646DEB61DDD746E2BFC9FAA16FE1AF9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJhmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFQ8tmzv79x_nJGIapLTY1tp-HlWA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.lv=function(a){this.Ga=_.t(a)};_.A(_.lv,_.w);_.mv=function(a,b){return _.Ad(a,3,b,_.zc)};_.lv.Fb=[1,2,3,4];.var CBa=_.da.URL,DBa,EBa,GBa,FBa;try{new CBa("http://example.com"),DBa=!0}catch(a){DBa=!1}EBa=DBa;.GBa=function(a){var b=_.Lh("A");try{_.ye(b,_.te(a));var c=b.protocol}catch(e){throw Error("cc`"+a);}if(""===c||":"===c||":"!=c[c.length-1])throw Error("cc`"+a);if(!FBa.has(c))throw Error("cc`"+a);if(!b.hostname)throw Error("cc`"+a);var d=b.href;a={href:d,protocol:b.protocol,username:"",password:"",hostname:b.hostname,pathname:"/"+b.pathname,search:b.search,hash:b.hash,toString:function(){return d}};FBa.get(b.protocol)===b.port?(a.host=a.hostname,a.port="",a.origin=a.protocol+"//"+a.hostname):(a.host=.b.host,a.port=b.port,a.origin=a.protocol+"//"+a.hostname+":"+a.port);return a};._.HBa=function(a){if(EBa){try{var b=new CBa(a)}catch(d){throw Error("cc`"+a);}var c=FBa.get(b

                                                                                                                                                                                                        Chrome Cache Entry: 966

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x960, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):85190
                                                                                                                                                                                                        Entropy (8bit):7.98453689846693
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:gVN1sAT/Eu/zfneNT3XSChXOKbkZXR1dzoUrPf7tByY+BfIzwzkwln:sbBedpRyfpb7tB5MfIzwR
                                                                                                                                                                                                        MD5:BA0886465CE86B1F6BC73EDAF0CB0751
                                                                                                                                                                                                        SHA1:E1738813E3325E55C77AA9136E2787BD1359BEB1
                                                                                                                                                                                                        SHA-256:4511C1993F47C7903D6138FDD20F9F2516F8869BE9723A5111B79F01F0F3E28D
                                                                                                                                                                                                        SHA-512:9AAD4A897F38FE7BD865E61CD8EA75079F05B0B9D07C5DB8275558E8305C44FA8576E8401BD352A21CA1E472BD17111CBA1318DDA71A939F547E75D94DDD86F8
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/426078014_332034236501415_4239489258418623458_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=VfZdJG-WIEMAX9wjlVf&_nc_ht=scontent-lga3-2.xx&oh=00_AfDplOqKwXsw7NbDMma3G9jQiD-xFCbNXN_-HRfMmos7Aw&oe=65DB0A5A
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a700100006a1e00001d500000d4520000df560000dd8500002ccd00005ed30000d7d700007fdd0000c64c0100....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."...............................................................................km9.k..R@J..Sz....F....a.1..D.y...........,L.:Ai%+-....H.#..6O,..i.w.z&.....$...&...v.!..... .D.2.$cY.q:HX1.g.ax..0Y#.....$..f.!.b.f.kM.D2.D..T..Qx...3..=nh.M...../6V}tp..X...8..1...f...&2..)#,.Hd.&i.w...8@9MP.1......P].`6.... Ad. ..M5g.A.q..7..n.C.N.H.........MfU-.X....Y.....m;.jN.HP..8.Y..i..E.&.G.e.L...cD.Wh..*....^.....e..Gn.s...^..X.....Z.l.&q3V.A...qg.[.7Fd...jgVh.. .....M..j..9.8.."..Xz1s&.........`.s8.bf% bAN<.B..=?'Xy..i...d.:IRx.JM.%..#F<...q..Yfq...MR...g9f.z...\`.`fKu.JfP.S.<.I.#..x.H..S!&.!..NHqH..a&2..=@Hyu....2.f@_....F..!.Y.8N.(.[.ZM.T....-..S.Z..3.YD_...0.......$.

                                                                                                                                                                                                        Chrome Cache Entry: 967

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3367)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):30293
                                                                                                                                                                                                        Entropy (8bit):5.535489582127669
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:Tsez1EDy+Pbe0dmjHyc+Rs23g/+FBT3KTOcI5zrSZ6r4R8:o5S0EjF1Car8
                                                                                                                                                                                                        MD5:291AEC083026B4A69933345E4A8EC700
                                                                                                                                                                                                        SHA1:B82293A123F627C42136E47E0FDDCACC9BD33FD4
                                                                                                                                                                                                        SHA-256:BC761CE6529E5AC4321A1B78FC1F457EF74C692980CEF5642BD8A0B762031D07
                                                                                                                                                                                                        SHA-512:0E24548F53D28F90046C2CA705649363DBB1E4BB3563EB05A1045E9AF904A1FFD939E531918B337A39C54EBF59A47BA26C5EBBDF670D4F88B86696100AA15A91
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3iMz64/y-/l/en_US/cvkeasQlp8Ct426Vxq3HF6.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("FBReelsRootWithEntrypointQuery_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="7090801701039075"}),null);.__d("FBReelsRootWithEntrypointQuery$Parameters",["FBReelsRootWithEntrypointQuery_facebookRelayOperation"],(function(a,b,c,d,e,f){"use strict";a={kind:"PreloadableConcreteRequest",params:{id:b("FBReelsRootWithEntrypointQuery_facebookRelayOperation"),metadata:{},name:"FBReelsRootWithEntrypointQuery",operationKind:"query",text:null}};e.exports=a}),null);.__d("CometTahoeSidepaneDialog.react",["ix","CometCircleButton.react","TetraText.react","fbicon","react"],(function(a,b,c,d,e,f,g,h){"use strict";var i,j=i||d("react"),k=32;b=16;var l=k+2*b,m=16;function a(a){var b=a.bodyAspectRatio,e=a.children,f=a.onClose;a=a.title;b=b!=null?j.jsx("div",{className:"x78zum5 xl56j7k x6ikm8r x10wlt62",children:j.jsx("div",{style:{paddingTop:"min("+100/b+"%, 100vh - var(--header-height) - "+l+"px - "+m+"px)",position:"relative",width:"min(100%, (100vh - var(--header-h

                                                                                                                                                                                                        Chrome Cache Entry: 968

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3274)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):455907
                                                                                                                                                                                                        Entropy (8bit):5.427285669194909
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:i7gniZbz80T44cQr9yTkXsOMlZITy+AEJO5M4PLCHkShkCrfa3/1UGRA32i:iph9yTkXNMITyRbuHfa+hz
                                                                                                                                                                                                        MD5:015964316668CD1CA40BAFD103698653
                                                                                                                                                                                                        SHA1:6DCE60ECD33AC7597D92F89D4475F60C3C874474
                                                                                                                                                                                                        SHA-256:A3472973C524271725C5309287B5B97814944D2F0D36EA2A61C25D432DDA1D0A
                                                                                                                                                                                                        SHA-512:9E6A388E69565C4900C9091F19275E51B65B71BDFA4E495E944087FEEEA28C050A531E4BA06C0050F8B8F873BA51D6474267D43D8468EAB93F35E764A4BA1F63
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3i74t4/yw/l/en_US/MfB2RTJ-W7s.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("CometSetDenseModeMutation_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="4486145264820781"}),null);.__d("CometSetDenseModeMutation.graphql",["CometSetDenseModeMutation_facebookRelayOperation"],(function(a,b,c,d,e,f){"use strict";a=function(){var a=[{defaultValue:null,kind:"LocalArgument",name:"input"}],c=[{alias:null,args:[{kind:"Variable",name:"input",variableName:"input"}],concreteType:"SetDenseModeResponsePayload",kind:"LinkedField",name:"set_dense_mode",plural:!1,selections:[{alias:null,args:null,concreteType:"Viewer",kind:"LinkedField",name:"viewer",plural:!1,selections:[{alias:null,args:null,kind:"ScalarField",name:"dense_mode_setting",storageKey:null}],storageKey:null}],storageKey:null}];return{fragment:{argumentDefinitions:a,kind:"Fragment",metadata:null,name:"CometSetDenseModeMutation",selections:c,type:"Mutation",abstractKey:null},kind:"Request",operation:{argumentDefinitions:a,kind:"Operation",name:"CometSetDenseModeMutation",selections:

                                                                                                                                                                                                        Chrome Cache Entry: 969

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (540), with no line terminators
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):540
                                                                                                                                                                                                        Entropy (8bit):5.0953958403229755
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:TMHd2yqNZNNUrS7n4nuL0EGuSl6FGYdB2GSuh43JPYa0:2d2PNdUrS7nfcuSQ8YdqXya0
                                                                                                                                                                                                        MD5:AABAC4B67E56DCAAA0C06DCEA2C8C7EC
                                                                                                                                                                                                        SHA1:4AEC6ABB0BCB8B6828F0CFE62637D3B270FDEA6C
                                                                                                                                                                                                        SHA-256:96D0C3380F81C5C429B2FAB04F6A9961F83287D1922A1B44A1DBD4A4004D62B6
                                                                                                                                                                                                        SHA-512:C9709D6C0A2EE21148E5D8826A3093E3A353B7D2BA0C135924EA8079982A8475F71B5926AFE6F21FF67C2538574D2F6EC0C20C97ED836F6A67799EA05D20AC6D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/opensearch?locale=en_US
                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8"?><OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/"><ShortName>YouTube</ShortName><Description>Search for videos on YouTube</Description><Tags>youtube video</Tags><Image height="16" width="16" type="image/vnd.microsoft.icon">https://www.youtube.com/favicon.ico</Image><Url type="text/html" template="https://www.youtube.com/results?search_query={searchTerms}&amp;page={startPage?}&amp;utm_source=opensearch"></Url><Query role="example" searchTerms="cat"></Query></OpenSearchDescription>

                                                                                                                                                                                                        Chrome Cache Entry: 970

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, baseline, precision 8, 480x854, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):49043
                                                                                                                                                                                                        Entropy (8bit):7.97565661137414
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:57qH6ZYBCbXFbg45E8XUzDrqVj9hFkO+gCzdvZXcmExOD2Jd0haJXC0iCUbnIKwY:sHIYBCbXRHhkXrQhFX+gCRxXtPHXCIMu
                                                                                                                                                                                                        MD5:642ED1A655122CDAB6773B41C26D79AB
                                                                                                                                                                                                        SHA1:01DFE9828B29F0FC6190D83C5BC6C443FFCE2469
                                                                                                                                                                                                        SHA-256:6B7FBAE5217801CD79AB9D76390AFF44A0E9092F58A94D8D9AA0D5BED53E675D
                                                                                                                                                                                                        SHA-512:23BB2EB212336AD4BD5F66840764B99360CF483D6ACAA589FB4974B1D83457FA52C48B98444AED54BF424E8C5F07B921BD0833DCA2DD7610E8834439DEE24B62
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/426792316_1137033600634981_4419544775212663723_n.jpg?_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=r-ESUcfvbL0AX-OEa4W&_nc_ht=scontent-lga3-2.xx&oh=00_AfA_yU8agZZsoJ2f93OneNcYWJgMem6aKMFcYFO5x3nzCg&oe=65DB4FC7
                                                                                                                                                                                                        Preview:......Lavc59.37.100....C..............................................................................................................................................!..1A.Q."a.q2B..R.......Tb.S.#.3r.D..C..$.%4U..c5E.s....6.d.t.......................Q!...12aA"...R..q.3.#S..rBb.......V...."...................?...kn.....||.....6..;L%.|t......^..............^..O1.V...-..O.;o.Y93..8..?.)..f...i.......:1`.F.../........Z.ZX}S~^.r.#..hd.).kgh..`-.W...0........kG.lO....&bl.`{..j...i...:.W..'.C.+...3.#..8..u..p....*z.....~.X.,a..~.U..t.1.v`O..U.c..i.}o..d<_..:......~P.m.4...d....T/........*d../.5...8._....(.)./z.~E...k.i29.I.|...-..[.].5....F..v..7.j.Jma.M..]....7].K..D....N[.3N..k(..........7(w<..=..+.@'....o.|.....X..B......Y..=.]3.0...@....^..Y....(.....te.V.r..m......nU.f..a...,...X.l.....~_j.0...9c3..{.M s..@;.z...5Xaf,..N...[..d......7..E.t...y..2.G..|_...>3.f'qF....k..`.,.^5..Z.....Jj`......h.n.<\,2.\.w.q..I...K%cs..+...r.y.\i...CSH..

                                                                                                                                                                                                        Chrome Cache Entry: 971

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:PNG image data, 192 x 192, 8-bit colormap, non-interlaced
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):2106
                                                                                                                                                                                                        Entropy (8bit):7.554456957317547
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:EWP8JUaPVKWwCtcHB3sXXRBJ3v8qkZ/aWr/3KZerMLvSOxJ3Df8sfqV1:lkJVKWw03XXZ4Meo931fq
                                                                                                                                                                                                        MD5:6452ED75C53E1A8E90A664DF18959A90
                                                                                                                                                                                                        SHA1:AC01FC2F40F0E4808E22A9C569F3775F0F15A5E2
                                                                                                                                                                                                        SHA-256:C7BAC3E7016DFC7EB5787579BAC6B975B433FC1A9C279DAFC35649D4782F2061
                                                                                                                                                                                                        SHA-512:4B23F7FB31826943CBA6496BD74DC620C8EC3B8F0525497E825F1F1F87486335D4374F85417458C3C3E018C2215B9B419D7DE77CB67AAE9EA619038432E1EB10
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/eFZD1KABzRA.png
                                                                                                                                                                                                        Preview:.PNG........IHDR.............e..5...YPLTEGpL.e..e..e..p..e..f..f..h..f..f..`..`.....g..f..f..g..g..f..f..f..g..f..h..e..f..d..g..e..e..c..f..f..e..f..g..g..e..f..f........i..h..e..f..f.....e........e..g..f..f..f..f..f..f..g........f..e..e.......F........................f....F.....d........'y.....p....E.....U..7..t.................6..t...........U.................................p......uy...LtRNS.0`..... ......p..._....@..@..oPP...O.^..__....0.o.o.oO..p.P.P_n. ..@0..P........DIDATx..YS.G..G.]..N...t.6&.$..8v|.>{.."....m.3...../...X...*./.....z..Z...^-."|GT(T.K..Z..n..z.3..BT..Z....\.)..Y.....)..\XZs%..e../...........:....Z.R...,X...B....VCL......".~)P...@..P..8......YG..<...=..BLs..CX........0..J...I....Z..,....0g...i...B..}6.Eh.$.g.D1.k......... ..WYD....O..b~.~......U..s4..?...d0........x.g7.zF...........9..G*.A...~...=#.w0.1Z......K..BV..>....x.p...<LS...ft..(|...2XDE.Q...yc..$Mu.@.L...R=.X,.H....!.X).j../.-q2.....09.........\...&.bYk........j.o......../.u}..(5!.

                                                                                                                                                                                                        Chrome Cache Entry: 972

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (41541)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):74197
                                                                                                                                                                                                        Entropy (8bit):5.4551136708766705
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:1pbgXdxJkYuOm3Q+gXHcJXEal5yl/kPHTO677Y8PouA/sqk92474oIhfc0fnraJp:veHchBCdo25qMKcuktHzX+6UevL8F
                                                                                                                                                                                                        MD5:1A385461F30E3F360D31F242FD6B3D98
                                                                                                                                                                                                        SHA1:0C0D69D3D866E93732265776AE44FD02DB855D99
                                                                                                                                                                                                        SHA-256:F89934AC0709430477B8A664F72035461A08E79AAB91944D71D695660D810C13
                                                                                                                                                                                                        SHA-512:8F5957C1FB9DA9BC831E688F66F4DE1362ED2A2B7A557F9607C7DD93F99D7E07A339B52C350CE1CC236EC5A2B84AE9CE7FF53F12319C967CC4A3D6C5DDCFF161
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.licdn.com/sc/h/1jvrml64dlmt60uoawzo2af88
                                                                                                                                                                                                        Preview:!function(e){var t={};function n(r){if(t[r])return t[r].exports;var i=t[r]={i:r,l:!1,exports:{}};return e[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var i in e)n.d(r,i,function(t){return e[t]}.bind(null,i));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s=108)}({108:function(e,t,n){"use strict";n.r(t);var r=n(7),i=n(43);const o="PageViewHeartbeatE

                                                                                                                                                                                                        Chrome Cache Entry: 973

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (511)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):2051
                                                                                                                                                                                                        Entropy (8bit):5.245569770149611
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:x2npr4QxmTJsIxHPTNSxf0gzu590yKECxex3XZKE+:x44wmTJsYH7NGf0gKT0yKE2K3pJ+
                                                                                                                                                                                                        MD5:A94E7CD86F5824E27720F5D3C712DF9A
                                                                                                                                                                                                        SHA1:7BF52949685727D7133F452B432A57615E40978F
                                                                                                                                                                                                        SHA-256:59CE6BDF8E3D17BB68667499C34A3EC32B9F7836DBCA59D03237A4C9FFFEFD35
                                                                                                                                                                                                        SHA-512:726D7BB3C7D356453A10D590EE4806BDE864FC7E909BA8F03E194B1F1BAA0D65AE8FC89E9E393F2300ED3536969E7445AC39860E3BB0EA338EF19F4B51139B9F
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/s/desktop/87423d78/jsbin/custom-elements-es5-adapter.vflset/custom-elements-es5-adapter.js
                                                                                                                                                                                                        Preview:'use strict';/*.. Copyright (c) 2016 The Polymer Project Authors. All rights reserved.. This code may only be used under the BSD style license found at http://polymer.github.io/LICENSE.txt. The complete set of authors may be found at http://polymer.github.io/AUTHORS.txt. The complete set of contributors may be found at http://polymer.github.io/CONTRIBUTORS.txt. Code distributed by Google as part of the polymer project is also. subject to an additional IP rights grant found at http://polymer.github.io/PATENTS.txt.*/.(()=>{if(window.customElements){var h=window.HTMLElement,m=window.customElements.define,n=window.customElements.get,k=new Map,l=new Map,e=!1,f=!1;window.HTMLElement=function(){if(!e){var a=k.get(this.constructor);a=n.call(window.customElements,a);f=!0;return new a}e=!1};window.HTMLElement.prototype=h.prototype;window.HTMLElement.es5Shimmed=!0;Object.defineProperty(window,"customElements",{value:window.customElements,configurable:!0,writable:!0});Object.defineProperty(window.

                                                                                                                                                                                                        Chrome Cache Entry: 974

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2164), with no line terminators
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):2164
                                                                                                                                                                                                        Entropy (8bit):5.007692541572839
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:/CpDuMY6wRQAQl07kBeFxDKNpK9xvj+Zy3t:/snIQAFhRl
                                                                                                                                                                                                        MD5:68225657C41B94DFDD7669563FA18C80
                                                                                                                                                                                                        SHA1:58E43494BC31122F06FCB3AA3764BE2883D0618F
                                                                                                                                                                                                        SHA-256:72BCCD36C17AA93A7BB553557626BB720BE60CDE2357D817BD03AF6BE67CF08E
                                                                                                                                                                                                        SHA-512:18441A68B88395A98A1721CE772AA98D0A05AC080E4C7C2A8A0598F46837FCFF8A1C5978E6A0C3146A088CCA632ED43B377FF63DB15195976AE958D35E9FB1CB
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.licdn.com/sc/h/65xtw2y5evpkuq3vtf8wiydts
                                                                                                                                                                                                        Preview:!function(e){var t={};function n(o){if(t[o])return t[o].exports;var r=t[o]={i:o,l:!1,exports:{}};return e[o].call(r.exports,r,r.exports,n),r.l=!0,r.exports}n.m=e,n.c=t,n.d=function(e,t,o){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:o})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var o=Object.create(null);if(n.r(o),Object.defineProperty(o,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)n.d(o,r,function(t){return e[t]}.bind(null,r));return o},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s=91)}({91:function(e,t){var n=document.querySelector(".language-selector"),o=document.querySel

                                                                                                                                                                                                        Chrome Cache Entry: 975

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (405)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1600
                                                                                                                                                                                                        Entropy (8bit):5.234459115233662
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:kMYD7i1NPxJ3nktBNuryNPxyhzs/fdkTRxuAoMylW6MumIcu2yNPxxQ34OZI86y2:o7iHY0rs9ORxvoMylxr2sQJ7DNzfrw
                                                                                                                                                                                                        MD5:967DFEEC6A7FD39DC7FE665E776702E2
                                                                                                                                                                                                        SHA1:AA15F9DF789871C3AFAC0D31962E1E71F1D9CD58
                                                                                                                                                                                                        SHA-256:D432D0BB701BE738D8E070DBFAEE681AB412F157E5ADBC63099309FC2DFF6252
                                                                                                                                                                                                        SHA-512:461D5EE5A265CD8DEFD3EB0C286DAA5DAC8C115621CA9420694DA308093C0DA6280B3366B3C1ED5B4BF106CB2BC9AAB827E63B36D4E71447153581ADB18298AA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,VwDzFe,A7fCU"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("w9hDv");._.uf(_.hia);_.Yv=function(a){_.I.call(this,a.Ha);this.aa=a.Xa.cache};_.B(_.Yv,_.I);_.Yv.Oa=_.I.Oa;_.Yv.Ba=function(){return{Xa:{cache:_.gp}}};_.Yv.prototype.execute=function(a){_.wb(a,function(b){var c;_.qe(b)&&(c=b.Za.Nb(b.fb));c&&this.aa.JC(c)},this);return{}};_.Lq(_.Cia,_.Yv);._.l();._.k("VwDzFe");.var KE=function(a){_.I.call(this,a.Ha);this.aa=a.Ea.Oq;this.ea=a.Ea.metadata;this.da=a.Ea.Fq};_.B(KE,_.I);KE.Oa=_.I.Oa;KE.Ba=function(){return{Ea:{Oq:_.kE,metadata:_.lUa,Fq:_.hE}}};KE.prototype.execute=function(a){var b=this;a=this.da.create(a);return _.wb(a,function(c){var d=2===b.ea.getType(c.Bd())?b.aa.fc(c):b.aa.aa(c);return _.Tj(c,_.lE)?d.then(function(e){return _.Wc(e)}):d},this)};_.Lq(_.Hia,KE);._.l();._.k("sP4Vbe");._.kUa=new _.qk(_.Dia);._.l();._.k("A7fCU");.var pE=function(a){_.I.call(this,a.Ha);this.aa=a.Ea.nL};_.B(pE,_.I);pE.Oa=_.I.Oa;pE.Ba=function(){r

                                                                                                                                                                                                        Chrome Cache Entry: 976

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (7686)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):8010
                                                                                                                                                                                                        Entropy (8bit):4.922289133578056
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:TTRGUcHwbEnZH0LqEcbuCUY3bkQsS6SxSrxLFvH7WJdJw:ZGUcHOqEcbuCp3bkQspksxLAJdJw
                                                                                                                                                                                                        MD5:CD9B4175E398D2FAC221A109EE390B0B
                                                                                                                                                                                                        SHA1:410EEE760AC87C5B79DD1D444AE95EBDC51EEAD6
                                                                                                                                                                                                        SHA-256:592BB5254D980CE4035BB3CD5F93B21BC8DE0F281087E4E9B1245764B7507004
                                                                                                                                                                                                        SHA-512:4544C2589B8BBD68DC294A2B204F7ED48851BD0C0DD66FD73534415BAB91A5E0E820410DB2C87A56943C15212613A0E0A8DA9B0247F0ED86B8214C12030ABD42
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/sw.js
                                                                                                                                                                                                        Preview:/** 3298146923576086307 */self.document = self; self.window = self;var ytcfg={d:function(){return window.yt&&yt.config_||ytcfg.data_||(ytcfg.data_={})},get:function(k,o){return k in ytcfg.d()?ytcfg.d()[k]:o},set:function(){var a=arguments;if(a.length>1)ytcfg.d()[a[0]]=a[1];else{var k;for(k in a[0])ytcfg.d()[k]=a[0][k]}}};.ytcfg.set({"EXPERIMENT_FLAGS":{"H5_enable_full_pacf_logging":true,"H5_use_async_logging":true,"ab_det_apb_b":true,"ab_det_el_h":true,"ab_det_fet_wr":true,"ab_det_fet_wr_en":true,"ab_det_gen_re":true,"action_companion_center_align_description":true,"allow_skip_networkless":true,"clear_user_partitioned_ls":true,"compress_gel":true,"csi_config_handling_infra":true,"deprecate_csi_has_info":true,"disable_child_node_auto_formatted_strings":true,"disable_pacf_logging_for_memory_limited_tv":true,"disable_simple_mixed_direction_formatted_strings":true,"disable_thumbnail_preloading":true,"embeds_transport_use_scheduler":true,"enable_ab_report_on_errorscreen":true,"enable_ab_rp_

                                                                                                                                                                                                        Chrome Cache Entry: 977

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:PNG image data, 49 x 74, 8-bit colormap, non-interlaced
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1633
                                                                                                                                                                                                        Entropy (8bit):7.352151724937379
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:Qy3Hwa/3ffWoAf6t+snxsGhlYUcGwMMQ1:xQaXfKG+IJcJM51
                                                                                                                                                                                                        MD5:72EE577BCC1A6A29D0422C3EB1248861
                                                                                                                                                                                                        SHA1:800818D8D4A3E67D49ED2A3A935B355F8452DDDD
                                                                                                                                                                                                        SHA-256:97FADFDD7D274DAABD9F7D79C817F4A9FACC08EBA67E38284698525E8A1FFFD0
                                                                                                                                                                                                        SHA-512:A373DB5E786A91D299394B45D707A067CEC708966B8757BF84F5BEF0F167E7EE4388C4356468526A6A8B4AD3521773FE78FDE18422B16F730D9116245544171B
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3/yb/r/7NqDjYL3eb9.png
                                                                                                                                                                                                        Preview:.PNG........IHDR...1...J.....%.L,....PLTE.....................GpL...........................FFF......ooo...BBB.......................................NNN...uuu...............................................................999..................,,,.........AAA...............444......................................................777...WWW......:::.....................333........CCC........................zzzhhh....."""{{{...jjj.............%%%...555............................................bbbccc.........rrr......sssrrrsss.................................to.K....tRNSfJ....\.Td..hLfl.xP6.\x.....jf..|..N|`........N..R`..n..^.tVp..V.v...z...t.|.."^v.hfBlZX.j...tb..p~b....:4r..x...h......n.......n.t.....`.`.....b....b.................TIDATx^..es#G.....dY`.33...!3C.0.c.....~.|.D+E.f....}.T......j...3..3...)C."...'..........GK._..........J.....%..vw:....D&+5.fl... ..@..Q.4.$.h.&Zb..N.....b-.h.".....R'.b.n...!.T#..N.G.a..UEg.DZ.3.....OtC{......+.7.......E.$...

                                                                                                                                                                                                        Chrome Cache Entry: 978

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (936)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):5863
                                                                                                                                                                                                        Entropy (8bit):5.542506058381083
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:ercpdAw1xFVObY2GhlzSSt0531195315WnGIjkC4EBBIjKuKSwXr6:ekdAMFVObY2GjDm19D5WnGIj8OByKD6
                                                                                                                                                                                                        MD5:F3356B556175318CF67AB48F11F2421B
                                                                                                                                                                                                        SHA1:ACE644324F1CE43E3968401ECF7F6C02CE78F8B7
                                                                                                                                                                                                        SHA-256:263C24AC72CB26AB60B4B2911DA2B45FEF9B1FE69BBB7DF59191BB4C1E9969CD
                                                                                                                                                                                                        SHA-512:A2E5B90B1944A9D8096AE767D73DB0EC5F12691CF1AEBD870AD8E55902CEB81B27A3C099D924C17D3D51F7DBC4C3DD71D1B63EB9D3048E37F71B2F323681B0AD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/s/desktop/87423d78/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js
                                                                                                                                                                                                        Preview:(function(){'use strict';/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var e=this||self;function f(c,b){c=c.split(".");var a=e;c[0]in a||"undefined"==typeof a.execScript||a.execScript("var "+c[0]);for(var d;c.length&&(d=c.shift());)c.length||void 0===b?a[d]&&a[d]!==Object.prototype[d]?a=a[d]:a=a[d]={}:a[d]=b}.;var g={YEAR_FULL:"y",YEAR_FULL_WITH_ERA:"y G",YEAR_MONTH_ABBR:"MMM y",YEAR_MONTH_FULL:"MMMM y",YEAR_MONTH_SHORT:"MM/y",MONTH_DAY_ABBR:"MMM d",MONTH_DAY_FULL:"MMMM dd",MONTH_DAY_SHORT:"M/d",MONTH_DAY_MEDIUM:"MMMM d",MONTH_DAY_YEAR_MEDIUM:"MMM d, y",WEEKDAY_MONTH_DAY_MEDIUM:"EEE, MMM d",WEEKDAY_MONTH_DAY_YEAR_MEDIUM:"EEE, MMM d, y",DAY_ABBR:"d",MONTH_DAY_TIME_ZONE_SHORT:"MMM d, h:mm\u202fa zzzz"},h=g;h=g;var k={ERAS:["BC","AD"],ERANAMES:["Before Christ","Anno Domini"],NARROWMONTHS:"JFMAMJJASOND".split(""),STANDALONENARROWMONTHS:"JFMAMJJASOND".split(""),MONTHS:"January February March April May June July August September October November December

                                                                                                                                                                                                        Chrome Cache Entry: 979

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1116)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):74033
                                                                                                                                                                                                        Entropy (8bit):5.496125678356682
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:4GIr9iykWXc8VV4ucbxiyXdpGupDMbSrOLR0QZWtPWDG4nFjI9rkiDyVO9HI4Ckn:h45nb3nxQIiENg5Bi+C02by5
                                                                                                                                                                                                        MD5:1D50E206021F1BBACF8EC3080B04264A
                                                                                                                                                                                                        SHA1:5024B3A6930C7F8D47DE1472B38BA590A657F882
                                                                                                                                                                                                        SHA-256:9EE512AE80E59BE486F738680AA45ED4E31E7458A0B48F40128637B772224261
                                                                                                                                                                                                        SHA-512:5E065ED27D57432099060906B79C5B4849236CEE091C7FEDD8D57FC5732E5746AC5E5366497C4F31AE7A79D52EDF82104463A8E042D411820B219940BF2A9684
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&family=YouTube+Sans:wght@300..900&display=swap
                                                                                                                                                                                                        Preview:/*. * See: https://fonts.google.com/license/googlerestricted. */./* cyrillic-ext */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Roboto';. font-style: normal;. f

                                                                                                                                                                                                        Chrome Cache Entry: 980

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (405)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1600
                                                                                                                                                                                                        Entropy (8bit):5.234459115233662
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:24:kMYD7i1NPxJ3nktBNuryNPxyhzs/fdkTRxuAoMylW6MumIcu2yNPxxQ34OZI86y2:o7iHY0rs9ORxvoMylxr2sQJ7DNzfrw
                                                                                                                                                                                                        MD5:967DFEEC6A7FD39DC7FE665E776702E2
                                                                                                                                                                                                        SHA1:AA15F9DF789871C3AFAC0D31962E1E71F1D9CD58
                                                                                                                                                                                                        SHA-256:D432D0BB701BE738D8E070DBFAEE681AB412F157E5ADBC63099309FC2DFF6252
                                                                                                                                                                                                        SHA-512:461D5EE5A265CD8DEFD3EB0C286DAA5DAC8C115621CA9420694DA308093C0DA6280B3366B3C1ED5B4BF106CB2BC9AAB827E63B36D4E71447153581ADB18298AA
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJlmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHX7bqWFdDNmEBWjhJk6Qjl972aUA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,VwDzFe,A7fCU"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("w9hDv");._.uf(_.hia);_.Yv=function(a){_.I.call(this,a.Ha);this.aa=a.Xa.cache};_.B(_.Yv,_.I);_.Yv.Oa=_.I.Oa;_.Yv.Ba=function(){return{Xa:{cache:_.gp}}};_.Yv.prototype.execute=function(a){_.wb(a,function(b){var c;_.qe(b)&&(c=b.Za.Nb(b.fb));c&&this.aa.JC(c)},this);return{}};_.Lq(_.Cia,_.Yv);._.l();._.k("VwDzFe");.var KE=function(a){_.I.call(this,a.Ha);this.aa=a.Ea.Oq;this.ea=a.Ea.metadata;this.da=a.Ea.Fq};_.B(KE,_.I);KE.Oa=_.I.Oa;KE.Ba=function(){return{Ea:{Oq:_.kE,metadata:_.lUa,Fq:_.hE}}};KE.prototype.execute=function(a){var b=this;a=this.da.create(a);return _.wb(a,function(c){var d=2===b.ea.getType(c.Bd())?b.aa.fc(c):b.aa.aa(c);return _.Tj(c,_.lE)?d.then(function(e){return _.Wc(e)}):d},this)};_.Lq(_.Hia,KE);._.l();._.k("sP4Vbe");._.kUa=new _.qk(_.Dia);._.l();._.k("A7fCU");.var pE=function(a){_.I.call(this,a.Ha);this.aa=a.Ea.nL};_.B(pE,_.I);pE.Oa=_.I.Oa;pE.Ba=function(){r

                                                                                                                                                                                                        Chrome Cache Entry: 981

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):32988
                                                                                                                                                                                                        Entropy (8bit):2.0287505263352568
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:N+rhBJGfnnXXXXXXXxbD3Sack0nYmbYGYGbYmnbWozHGGGGGcdUWLWHt6uKuGcGj:NwhBJKBZznTMdcGwGD
                                                                                                                                                                                                        MD5:3D0E5C05903CEC0BC8E3FE0CDA552745
                                                                                                                                                                                                        SHA1:1B513503C65572F0787A14CC71018BD34F11B661
                                                                                                                                                                                                        SHA-256:42A498DC5F62D81801F8E753FC9A50AF5BC1AABDA8AB8B2960DCE48211D7C023
                                                                                                                                                                                                        SHA-512:3D95663AC130116961F53CDCA380FFC34E4814C52F801DF59629EC999DB79661B1D1F8B2E35D90F1A5F68CE22CC07E03F8069BD6E593C7614F7A8B0B0C09FA9E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.licdn.com/sc/h/3m4lyvbs6efg8pyhv7kupo6dh
                                                                                                                                                                                                        Preview:......@@.... .(@..F... .... .(...n@........ .(....P........ .(....Y..(...@......... ..............................v...v...v..w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...v..v...v.......v...v..w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...v..v...v...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...v...v..w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w...w

                                                                                                                                                                                                        Chrome Cache Entry: 982

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (645)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):11085
                                                                                                                                                                                                        Entropy (8bit):5.397976873792712
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:8losmj1Uqu+oCNLuZ08MnpAqntHMfG0v8X6JPRAkZE:JUEoCNLDpN8G0vDn9K
                                                                                                                                                                                                        MD5:CE762A9D30D6C70BB0516E8CEFC958BF
                                                                                                                                                                                                        SHA1:DA6CAC9C717DAA3A39F82F3421782C99EDD9329D
                                                                                                                                                                                                        SHA-256:A9FC343D602527A427E57671D021524A9FF5AF7B3DF1A58900A3B01057BDD8C7
                                                                                                                                                                                                        SHA-512:230753FBB26E90438DD43874D02FBBB1AD6DB9A0FE76DA978EA47A8CA06FC99DD5E475104ABB5DD25CE222423D9BDA7991FD0EE896386561CD6F9AC10F8932E2
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.youtube.com/s/desktop/87423d78/jsbin/www-tampering.vflset/www-tampering.js
                                                                                                                                                                                                        Preview:(function(){'use strict';function n(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}.var p="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function q(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}.var r=q(this);function t(a,b){if(b)a:{var c=r;a=a.split(".");for(var e=0;e<a.length-1;e++){var h=a[e];if(!(h in c))break a;c=c[h]}a=a[a.length-1];e=c[a];b=b(e);b!=e&&null!=b&&p(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(l){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(e+(l||"")+"_"+h++,l)}.function c(l,m){this.g=l;p(this,"description",{configurable:!0,writable:!0,value:m})}.if(a)

                                                                                                                                                                                                        Chrome Cache Entry: 983

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1299)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):114292
                                                                                                                                                                                                        Entropy (8bit):5.5528653263166285
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:BfaN1hvawAB3MAYcKh+CY0YcQ1rFPyY5c/F1FRLf+aD3Wp94yXCQC4NIT3PTtSGa:BfaNbAB3IacQLiPFRLf+e3g9bXcAITk
                                                                                                                                                                                                        MD5:EA5144AB403234BE650A76530D1CB29D
                                                                                                                                                                                                        SHA1:67DEE97C0AE2F912CE9F4CB1ADB9181857A01DF3
                                                                                                                                                                                                        SHA-256:6EA25790432AA3DF786FF6518EAE8400D61081EE2A2206082C24B3FC6D4705DF
                                                                                                                                                                                                        SHA-512:74998F4A928418639BCC2C4EE5BE2DABDC01D5D4C5E3C69BA606E9A0757D173EC542BBD3BD2CFC31CBC17057B421773778997A80F1C4925022DEE0A0B4CA0241
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=AvtSve,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bSspM,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,lsjVmc,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,qmdT9,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,Rusgnf,Ctsu,UPKV3d,bPkrc,W2YXuc,pxq3x,IZ1fbc,soHxf,kSPLL,qPfo0c,yRXbo,bTi8wc,ywOR5c,PHUIyb"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ltDFwf");.var Atb=_.y("ltDFwf");var AU=function(a){_.J.call(this,a.Ha);var b=this.oa();this.pb=this.Qa("P1ekSe");this.mb=this.Qa("cQwEuf");this.da=b.getData("progressvalue").number(0);this.ja=b.getData("buffervalue").number(1);this.Ca=b.zb("B6Vhqe");this.Ma=b.zb("juhVM");this.ta=b.zb("D6TUi");this.aa=b.zb("qdulke");this.La=0!==this.da;this.Ka=1!==this.ja;this.Fa=[];this.ea=_.$r(this).fc(function(){this.Fa.length&&(this.Fa.forEach(this.f9,this),this.Fa=[]);this.La&&(this.La=!1,_.Bq(this.pb,"transform","scaleX("+this.da+")"));this.Ka&&.(this.Ka=!1,_.Bq(this.mb,"transform","scaleX("+this.ja+")"));_.$q(b,"B6Vhqe",this.Ca);_.$q(b,"D6TUi",this.ta);_.$q(b,"juhVM",this.Ma);_.$q(b,"qdulke",this.aa)}).build();this.ea();_.zg&&_.$r(this).fc(function(){b.ob("ieri7c")}).Ae().build()();_.ez(this.oa().el(),this.Sa.bind(this))};_.B(AU,_.J);AU.Ba=_.J.Ba;.AU.prototype.Sa=function(a,b){Btb(

                                                                                                                                                                                                        Chrome Cache Entry: 984

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:PNG image data, 25 x 64, 8-bit colormap, non-interlaced
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):804
                                                                                                                                                                                                        Entropy (8bit):5.9272601627884605
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:6v/7ykl/f/je0aVMrCwGPlc+Zen0JTSdoc9EdyBw3w6xuS8SNGqsaNg:onBaVHwGPlxen0NSucwXoSJN+8g
                                                                                                                                                                                                        MD5:C156C107AE735C5F3813220235E0D11E
                                                                                                                                                                                                        SHA1:F655A14E144551432AAE9BA0A7FE0E237A65AE51
                                                                                                                                                                                                        SHA-256:D75C74B337113A0C65EBFF05ED63A487A0E158BC7246B987A28943667DF46C5B
                                                                                                                                                                                                        SHA-512:A2729CA423327C0855BDC68374AE0EA6B211043EBD39A63B7248BF4E288B9641BF3F827EA01C4FB0444BCFBC68B6E06B51EEDE746668F14D4F7225B9B941CC81
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/q8Uic1K195T.png
                                                                                                                                                                                                        Preview:.PNG........IHDR.......@......,n....PLTEGpL....................................................................................................................................................................................................................................................^.g...QtRNS..d....(..........B...:.>...0..XVLJ|<.t....Rv....6D4n.......@x.8...h..\... .NJ.!V....IDATx^...@...4Q@.yf.:1l.9.../3.M...l..U.#........$?...........kI]|.$GI&#.{.R..../d7$..x!.c..X..\B>...x./..X..[....SQ!@c\%..RNr"rrv.!.b.%.......j...n,...u..*).y.]."..r.b..P...B.FU....`.........s...,..y..(.3...!$.. ....F.(.a...g.?R.F.B:....$C...t...........\..N....c..2..`..VH.1..mF>.....t.L.MxDY....Y..U.6.$...O.(.....U.)/.e.mk..$.^.N....-........:.U.d.7...yp_i...Y.z....t..=...f#Q....IEND.B`.

                                                                                                                                                                                                        Chrome Cache Entry: 985

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (709)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):3940
                                                                                                                                                                                                        Entropy (8bit):5.103789867340088
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:KOR0kZK2BOR0kFrVkzzQxPYqX9q2lqAEY8HIXOYl6nMLycA1:FVmRqb7Njnsq
                                                                                                                                                                                                        MD5:B0941BDD004E6C28F0CB205A95383022
                                                                                                                                                                                                        SHA1:00FDEBE11357C6D69F38060AEA80C20B59E70377
                                                                                                                                                                                                        SHA-256:0B7A91A97CF2FC8E74DEE6DA487581FF30FC5A484F030937E7EF4B4DE5AB4771
                                                                                                                                                                                                        SHA-512:8079DE1D8C68AFCD21C2E06CB73572E9A617AB949AD9CAD22C9D12CF495D852CFDF7114080DC29F211C9960084F9A2A053FA53D2B2938C3467D0FA958336C8DD
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/EZcFVpNhrUH.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                        Preview:;/*FB_PKG_DELIM*/..__d("CometVideoHomeCatalogRootQuery_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="7332904830081595"}),null);.__d("CometVideoHomeCatalogRootQuery$Parameters",["CometVideoHomeCatalogRootQuery_facebookRelayOperation","StoriesRing.relayprovider"],(function(a,b,c,d,e,f){"use strict";a={kind:"PreloadableConcreteRequest",params:{id:b("CometVideoHomeCatalogRootQuery_facebookRelayOperation"),metadata:{},name:"CometVideoHomeCatalogRootQuery",operationKind:"query",text:null,providedVariables:{__relay_internal__pv__StoriesRingrelayprovider:b("StoriesRing.relayprovider")}}};e.exports=a}),null);.__d("CometVideoHomeLiveRootQuery_facebookRelayOperation",[],(function(a,b,c,d,e,f){e.exports="8274177899276614"}),null);.__d("CometVideoHomeLiveRootQuery$Parameters",["CometVideoHomeLiveRootQuery_facebookRelayOperation","StoriesRing.relayprovider"],(function(a,b,c,d,e,f){"use strict";a={kind:"PreloadableConcreteRequest",params:{id:b("CometVideoHomeLiveRootQuery_facebookRelay

                                                                                                                                                                                                        Chrome Cache Entry: 986

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:PNG image data, 144 x 144, 8-bit colormap, non-interlaced
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):729
                                                                                                                                                                                                        Entropy (8bit):7.234317148111566
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:6v/753iqqqqqqqqqqqqqq8apRTOe/RlzL064pdYTCrQQXHth6oHS0iwPuOb254iu:u3iqqqqqqqqqqqqqq8sdOe/RBL0NpdAM
                                                                                                                                                                                                        MD5:F6E5A9215D13C4AEF31D125532228410
                                                                                                                                                                                                        SHA1:CF2AA58CCDDC2B414CAD4A28394EF66CD2AE9FFF
                                                                                                                                                                                                        SHA-256:8639DB0DBAA462E7BC11D7884C3A6CB84275DC988811CD2BFAF5CF2E65BC0FE0
                                                                                                                                                                                                        SHA-512:2468FD00812806E44A2EB1AEF7F408D643DCFBEE655802E69B62DCE21F84AE3EC6E50F6612F332CB35FF53EC4792104C27DFD6DA36327FBEADE9D7FABC7C3412
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://www.gstatic.com/youtube/img/branding/favicon/favicon_144x144.png
                                                                                                                                                                                                        Preview:.PNG........IHDR...................cPLTE.......................................................PP.......... ..........@@....``.00.......pp........tRNS.@0 p.....P..`....Y.....IDATx...Ub.0.EQC.(.2..W9%......Y...eg.1..c.1H.C..$z.. ?......M.*.....R.. +.}.}t_0.m#.....T.....gje.9.7u..%.7...y..Q.D.Z..^vW..x......(.G..!R^..)..j4P...B.(H...igA(j.d...?...,.....DM8ZZ........:8...uCG.'...P....\....=..\<.\......=c.......H..`...+YD_.H...6vHa ur.....&.vJ.@.R.p..Ni.@.)..i......#.vJ.@.)...tJ......+..*.....-.S#...u.....}-.\.N..{.....m._.A.."n)..l...a...CmzV.ma....-D..K.....3...x...VH.i...V.2..u2..).J..cU4.....VX......\BC.`...V..:.(:.Y.(..h.O.\..dcC.Q..:..~Lm..&..{v]z0....9=....-/.O.g.1..c.1D..b..;...F....IEND.B`.

                                                                                                                                                                                                        Chrome Cache Entry: 987

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1299)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):114247
                                                                                                                                                                                                        Entropy (8bit):5.544641603898549
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:phAG62BDU8LQ5LK+I3cJUmYMWqdYyUpVh:vAd4UuQ5LK+I3cJxYMFdYL
                                                                                                                                                                                                        MD5:8C532C1B272F9FBC389D7057F53FF028
                                                                                                                                                                                                        SHA1:9ABF44513BD132FCC623C1C7E16440FF36A8E865
                                                                                                                                                                                                        SHA-256:A1AF49D5C704C39091894150E9D3005454915DD88E1C482AD1CFC3FC4C9F0C6C
                                                                                                                                                                                                        SHA-512:BE5EA13ADA16191A029B2631B3472ADA1968902BC9DE9E7340597256EA8B6F52582E78D455787371BFA24B630ED9C021BBBC1DD45ED052DE82D7E9B21C71AFBE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=AvtSve,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bSspM,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,lsjVmc,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,qmdT9,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,Rusgnf,Ctsu,UPKV3d,bPkrc,W2YXuc,pxq3x,IZ1fbc,soHxf,kSPLL,qPfo0c,yRXbo,bTi8wc,ywOR5c,PHUIyb"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ltDFwf");.var hub=_.y("ltDFwf");var tU=function(a){_.J.call(this,a.Ha);var b=this.oa();this.pb=this.Qa("P1ekSe");this.mb=this.Qa("cQwEuf");this.da=b.getData("progressvalue").number(0);this.ja=b.getData("buffervalue").number(1);this.Ca=b.zb("B6Vhqe");this.Ma=b.zb("juhVM");this.ta=b.zb("D6TUi");this.aa=b.zb("qdulke");this.La=0!==this.da;this.Ka=1!==this.ja;this.Fa=[];this.ea=_.xs(this).hc(function(){this.Fa.length&&(this.Fa.forEach(this.a9,this),this.Fa=[]);this.La&&(this.La=!1,_.Zq(this.pb,"transform","scaleX("+this.da+")"));this.Ka&&.(this.Ka=!1,_.Zq(this.mb,"transform","scaleX("+this.ja+")"));_.xr(b,"B6Vhqe",this.Ca);_.xr(b,"D6TUi",this.ta);_.xr(b,"juhVM",this.Ma);_.xr(b,"qdulke",this.aa)}).build();this.ea();_.Yg&&_.xs(this).hc(function(){b.ob("ieri7c")}).Ae().build()();_.cA(this.oa().el(),this.Sa.bind(this))};_.A(tU,_.J);tU.Ba=_.J.Ba;.tU.prototype.Sa=function(a,b){iub(

                                                                                                                                                                                                        Chrome Cache Entry: 988

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x380, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):17093
                                                                                                                                                                                                        Entropy (8bit):7.96447068998705
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:BrOyiiDdL2uQkJqI/DNBriI15Ky782Ifkxy0W1GyR:BqiMuQUn+Iuj22uVuPR
                                                                                                                                                                                                        MD5:61CEACC04F220A519AFE2A778D67F137
                                                                                                                                                                                                        SHA1:D5C38258BE80421C2CFA8EE674CE404C8539ADD8
                                                                                                                                                                                                        SHA-256:02BF863416B9F4287206C37F71BED91EE74895F835B9780C4D805339697A9CCD
                                                                                                                                                                                                        SHA-512:9D88C25A70FD5F7C7383B346531A904EF5401A95EB0C0213288C6533C52B7E0C1C58CA8EE441AC070ED100F0BFA391AD60F9EC34585352739A4AD3B70D074501
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t15.5256-10/426161004_5458613074262219_5404325336876649558_n.jpg?stp=dst-jpg_p206x206&_nc_cat=109&ccb=1-7&_nc_sid=1a7029&_nc_ohc=qMp6reqdBbMAX9f8Hsn&_nc_ht=scontent-lga3-2.xx&oh=00_AfBU_SkaWyL_Y7s1XcAO7mCAeid69yPLDcmSSvrJYg_qqA&oe=65DA3DD4
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a700100001907000022100000b811000032130000ac1b0000fa280000142a0000d42b00006c2d0000c5420000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......|...."...............................................................................V.:...QZ./@.<..[..r....B<..Z.!t./i.Wq.....s.....;nxN........O.....t.....k..y..q.<..a.F..bo?.Q,v...G.sm..7..>).Y.d........T...K..'.........H..m..m8{!..6.g...m..#...^T.I...........{UC...m......e....u....x.....q$.....G.'...]; "`.[).-.3..D..m...\.).]=..{.V...~2...g....oD.....3.Sm.m.(.C.y.......x..?....v.N..5+.d........z.f_Q.sD...A..v...]...G..7I...O=...[.n..q^....=..+l..,..t..~...$8........\h...L../.I.l...#...\...S.C....G.N.|uf.h..M.._.8rTtwY...Q.~..P.R...b..}.sz>....4{;..+C....';.R%8..k...'Jpa^[)...j:....XR.J....'.!.q.lq.X.\G..at.2........3.^......p...v.yp...C.^ZR..!^_@...Z...k.;.v-Sa

                                                                                                                                                                                                        Chrome Cache Entry: 989

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (16331)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):738838
                                                                                                                                                                                                        Entropy (8bit):5.72730112663479
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:ak162hzLiYeWJrJdH+ArOzIzLu9D4foBC1QVziBTJIK5+MHJw:akvtL48dtoBXVzixZpw
                                                                                                                                                                                                        MD5:967CA4800E9DA13F9B910A870450F28E
                                                                                                                                                                                                        SHA1:799A227041FB696A1465AA8EF41A7C88156D0C4C
                                                                                                                                                                                                        SHA-256:DD7169B02CC269030C9B3D95DC0B83F01234A6431886269EC2447EBD7C43F792
                                                                                                                                                                                                        SHA-512:7ECF38D4245E8D908605F0AD4F895F6A53C02405F68E9E7C313A930ACBD0575BBB2A0F7661BDFA6FFBCA1D73940995F11176A143729E231B25135A350024A6C9
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJhmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFQ8tmzv79x_nJGIapLTY1tp-HlWA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,STuCOe,njlZCf,fJpY1b,b3kMqb,EGw7Od,ZUKRxc,my67ye,t2srLd,EN3i8d,hmHrle,mWLH9d,NOeYWe,O6y8ed,fqEYIb,PrPYRd,MpJwZc,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,lwddkf,SpsfSb,fFzhe,tUnxGc,aW3pY,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,xBaz7b,eVCnO,LDQI"
                                                                                                                                                                                                        Preview:"use strict";_F_installCss(".O0WRkf{-webkit-user-select:none;transition:background .2s .1s;border:0;border-radius:3px;cursor:pointer;display:inline-block;font-size:14px;font-weight:500;min-width:4em;outline:none;overflow:hidden;position:relative;text-align:center;text-transform:uppercase;-webkit-tap-highlight-color:transparent;z-index:0}.A9jyad{font-size:13px;line-height:16px}.zZhnYe{transition:box-shadow .28s cubic-bezier(0.4,0,0.2,1);background:#dfdfdf;box-shadow:0px 2px 2px 0px rgba(0,0,0,.14),0px 3px 1px -2px rgba(0,0,0,.12),0px 1px 5px 0px rgba(0,0,0,.2)}.zZhnYe.qs41qe{transition:box-shadow .28s cubic-bezier(0.4,0,0.2,1);transition:background .8s;box-shadow:0px 8px 10px 1px rgba(0,0,0,.14),0px 3px 14px 2px rgba(0,0,0,.12),0px 5px 5px -3px rgba(0,0,0,.2)}.e3Duub,.e3Duub a,.e3Duub a:hover,.e3Duub a:link,.e3Duub a:visited{background:#4285f4;color:#fff}.HQ8yf,.HQ8yf a{color:#4285f4}.UxubU,.UxubU a{color:#fff}.ZFr60d{position:absolute;top:0;right:0;bottom:0;left:0;background-color:tran

                                                                                                                                                                                                        Chrome Cache Entry: 990

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):20006
                                                                                                                                                                                                        Entropy (8bit):7.965359928567157
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:txbZmQhe06fUZwJJe2Dbv4Tnh6EFencuLxqUxoo:PZ7V68ZwK8D4cRT
                                                                                                                                                                                                        MD5:D5ECA2F23A7078BED3070EBC84EA96E8
                                                                                                                                                                                                        SHA1:C322C7FA7073B8576066240B3FB127A8DB2779F4
                                                                                                                                                                                                        SHA-256:60036F5D1BF9DBB2AED8ADFC19A9837235704A31D55EEBDA9C3E1C9ECECC3781
                                                                                                                                                                                                        SHA-512:58E387398E64EFFE7228E62356DB4F68D5645081DE5EBF7123FB81F521EC5BE5F7BA72098844806761DB25452FE2FD4C57F3069160D3AEBB1F348F0765284C8E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t51.29350-10/428232266_1390459045167512_3345950587786141943_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=FPvTVhhqGEQAX_RRQ56&_nc_ht=scontent-lga3-2.xx&oh=00_AfDOhDFkLhGQRT2_cjmdnqK9hkNG4iQLIwiXg_21o45BwQ&oe=65DB0A38
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f010000c2060000ce10000023120000a11300002b2000007a3000008d3100000b330000a0340000264e0000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n...."................................................................................K....Lws.*]..4aA"E("_..zZ.i....c.\Bp..........3..u.g_..>}...K...^....P......=uC(..x<.G...v............<..d..S..M..n..&.1.....>o........A..........F.O=.{b....nJ."....:..o...$..U...s..]....s ...G.y.M....n.K...n..$..XV...n].&.,..C.R+.....]..fj3K/F(&.Z.S.......J.....'$9.^..)....._......2`..a...9..H.8$|.....u.....2.Q......n.......L#@...~.0..vKM...C5. |E..i.`.9 g8....;O.........QY....^.l.Q..d..l.....8../..\....;.+b..P...LN........rt..75.e.Ir..[,......~A.n/.t.V)>.H.;....Z....n.SD.......RF.O3.*....k.b7T..!....ll...\9..,..d..n....l....O...M}I%.@...j...J.m.tj,.%JQ..~..l.>...>.P.n.N....s...j*.

                                                                                                                                                                                                        Chrome Cache Entry: 991

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 206x366, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):16238
                                                                                                                                                                                                        Entropy (8bit):7.9560567321793325
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:384:1UugLgikJ0BfImMpaIhZsArQGqBhbEliTrb9MZst1mWewzvdN:2JF8JpfHbQGTO/9oO1mnON
                                                                                                                                                                                                        MD5:8C12AD7947D65186E30188F679B8CF04
                                                                                                                                                                                                        SHA1:DB9400BCE0C384875CC9C57FFAA1122FA312CA21
                                                                                                                                                                                                        SHA-256:808CA800D8D06F4FB60B80DA2520234C98BF3840F1866891B129D90090E21451
                                                                                                                                                                                                        SHA-512:DF384249DDB2EC2E11B8259AC36AC38CCEBD99838FAB84EF2A271C644822D4C98B041137AEA33A090DBE73A520BB0A78D64ECCE3AF997010050FA65BB3AC4D9A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t51.29350-10/428123856_900816005075294_7181717207666543197_n.jpg?stp=dst-jpg_p206x206&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=Dnhk7bfE0acAX-DPRwy&_nc_ht=scontent-lga3-2.xx&oh=00_AfAE9C8SFL621u4Q58B4bQYUcMoDip1VpTQAvLFXEz3WvA&oe=65DB89CA
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6f01000062060000100f0000361000006811000011190000ed250000fc26000089280000272a00006e3f0000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......n...."..............................................................................p..S8U.z..Nj..pww.wp...S.;..........T.K...@.KdeJZ.V-. %)...h+.j.p.3.\.}:"..<..f.4...D..Z...w....%..@&.....j..5.$5.45.$9..9..:D."d..mr&.^K..9yG..,*#f.V\.C...(..M.Vn....9.....ej}"H.3....O.....s.xs&.h.Q./4....#..!b...:.L.:K9i.-.T.}S....9..c........|)RS...~..kE.Q.....eN.....m.U.l@?H.{..G.*.p.....Y.o.).9^..T.h..Id..D..V..a*Q.~U..Y.!;X. .......u..s8...,..L..X.....9.ji..c..3=<...X9..........;...@.#.... \..6.nc`xu.5.,.iU-^N0....=vu.....x..5^...e.Ql........&..o.>.}q.K..Et..cF.E.$^...v8.d.Xs...pW.}..a...[V.*.3.y...vL....q.i.u.b.5.t..../<.......m.....2Z.E.N.*.V..f..!..gO..n.O_..^>..-c.c..\&.[Z.....

                                                                                                                                                                                                        Chrome Cache Entry: 992

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1299)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):114247
                                                                                                                                                                                                        Entropy (8bit):5.544641603898549
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:phAG62BDU8LQ5LK+I3cJUmYMWqdYyUpVh:vAd4UuQ5LK+I3cJxYMFdYL
                                                                                                                                                                                                        MD5:8C532C1B272F9FBC389D7057F53FF028
                                                                                                                                                                                                        SHA1:9ABF44513BD132FCC623C1C7E16440FF36A8E865
                                                                                                                                                                                                        SHA-256:A1AF49D5C704C39091894150E9D3005454915DD88E1C482AD1CFC3FC4C9F0C6C
                                                                                                                                                                                                        SHA-512:BE5EA13ADA16191A029B2631B3472ADA1968902BC9DE9E7340597256EA8B6F52582E78D455787371BFA24B630ED9C021BBBC1DD45ED052DE82D7E9B21C71AFBE
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJhmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=AvtSve,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bSspM,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,lsjVmc,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,qmdT9,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFQ8tmzv79x_nJGIapLTY1tp-HlWA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,Rusgnf,Ctsu,UPKV3d,bPkrc,W2YXuc,pxq3x,IZ1fbc,soHxf,kSPLL,qPfo0c,yRXbo,bTi8wc,ywOR5c,PHUIyb"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ltDFwf");.var hub=_.y("ltDFwf");var tU=function(a){_.J.call(this,a.Ha);var b=this.oa();this.pb=this.Qa("P1ekSe");this.mb=this.Qa("cQwEuf");this.da=b.getData("progressvalue").number(0);this.ja=b.getData("buffervalue").number(1);this.Ca=b.zb("B6Vhqe");this.Ma=b.zb("juhVM");this.ta=b.zb("D6TUi");this.aa=b.zb("qdulke");this.La=0!==this.da;this.Ka=1!==this.ja;this.Fa=[];this.ea=_.xs(this).hc(function(){this.Fa.length&&(this.Fa.forEach(this.a9,this),this.Fa=[]);this.La&&(this.La=!1,_.Zq(this.pb,"transform","scaleX("+this.da+")"));this.Ka&&.(this.Ka=!1,_.Zq(this.mb,"transform","scaleX("+this.ja+")"));_.xr(b,"B6Vhqe",this.Ca);_.xr(b,"D6TUi",this.ta);_.xr(b,"juhVM",this.Ma);_.xr(b,"qdulke",this.aa)}).build();this.ea();_.Yg&&_.xs(this).hc(function(){b.ob("ieri7c")}).Ae().build()();_.cA(this.oa().el(),this.Sa.bind(this))};_.A(tU,_.J);tU.Ba=_.J.Ba;.tU.prototype.Sa=function(a,b){iub(

                                                                                                                                                                                                        Chrome Cache Entry: 993

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1631)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):38674
                                                                                                                                                                                                        Entropy (8bit):5.373344735979869
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:AOZQqlnxITA3+sypwDMBub/6rur81gE0idWSBiHLztbyHgNkmtCgs+FwtNmle:efY+3g/br8qaWSBiHLRGHEbtCgKJ
                                                                                                                                                                                                        MD5:9FB0BDB3A292F495914A785280685816
                                                                                                                                                                                                        SHA1:2FBAC1566F42B41D336C3CEF46085A8ABA5291F4
                                                                                                                                                                                                        SHA-256:8B94EC92B902A78BB5DCF8A9A5CF00B3F693738608FE110FF77A2E90FA62AA09
                                                                                                                                                                                                        SHA-512:94E76518978E828E0EAA8B95C807E55DBF4E0EBA201FF5057906482AD5F57D2D2A6BA98F0EE16476688E3B5013525D06EAED692C6B795DAAE635F67B8CD100F7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.QKwFb1UtQb4.es5.O/ck=boq-identity.AccountsSignInUi.NrxHlLi3bwM.L.B1.O/am=P2CJhmMBEJhZTvP3jJPDAAAAAAAAAAAAawA7/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlG2bCygi1DFAdwYKgmmvgAMIJrIdw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.moa=function(a){var b=0,c;for(c in a)b++;return b};_.noa=function(a){return a.Vg&&"function"==typeof a.Vg?a.Vg():_.ka(a)||"string"===typeof a?a.length:_.moa(a)};_.vn=function(a){if(a.Mg&&"function"==typeof a.Mg)return a.Mg();if("undefined"!==typeof Map&&a instanceof Map||"undefined"!==typeof Set&&a instanceof Set)return Array.from(a.values());if("string"===typeof a)return a.split("");if(_.ka(a)){for(var b=[],c=a.length,d=0;d<c;d++)b.push(a[d]);return b}return _.yb(a)};._.ooa=function(a){if(a.Lg&&"function"==typeof a.Lg)return a.Lg();if(!a.Mg||"function"!=typeof a.Mg){if("undefined"!==typeof Map&&a instanceof Map)return Array.from(a.keys());if(!("undefined"!==typeof Set&&a instanceof Set)){if(_.ka(a)||"string"===typeof a){var b=[];a=a.length;for(var c=0;c<a;c++)b.push(c);return b}return _.zb(a)}}};.var poa,soa,roa,qoa,Ln,Nn,Eoa,voa,xoa,woa,Aoa,yoa;poa=function(a,b,c){if(b)re

                                                                                                                                                                                                        Chrome Cache Entry: 994

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (49034)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):592331
                                                                                                                                                                                                        Entropy (8bit):5.292387152328404
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:vofCO7sBbGEdIJ0yzTBC+UOM7LX84WxlMJvxHTIXzCZlIkyr9L2ucD+XB7b7k9lV:SsBJsVc+UjLC28XzoIk09aucD+XtmlV
                                                                                                                                                                                                        MD5:EC8AD554FE5E2D83824855338EDB1DFD
                                                                                                                                                                                                        SHA1:FABF297435FED12D987FB5AB6701C93E720159D2
                                                                                                                                                                                                        SHA-256:BB8E6F96071C890065466ED3BB839D1F62349141F9F6F470632C86FD056EDDE4
                                                                                                                                                                                                        SHA-512:253DBA48D2C888D09B25038571A80C84D7BCE94802ECD2711EAECCC4A85CDD71F884F70E85CB5448F2BA224EE7E9890C752DCFB0F30BF89414AF312F27555783
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://static.xx.fbcdn.net/rsrc.php/v3/y6/l/0,cross/SHRN-LPzcY0.css?_nc_x=Ij3Wp8lg5Kz"
                                                                                                                                                                                                        Preview:form{margin:0;padding:0}label{color:#606770;cursor:default;font-weight:600;vertical-align:middle}label input{font-weight:normal}textarea,.inputtext,.inputpassword{-webkit-appearance:none;border:1px solid #ccd0d5;border-radius:0;margin:0;padding:3px}textarea{max-width:100%}select{border:1px solid #ccd0d5;padding:2px}input,select,textarea{background-color:#fff;color:#1c1e21}.inputtext,.inputpassword{padding-bottom:4px}.inputtext:invalid,.inputpassword:invalid{box-shadow:none}.inputradio{margin:0 5px 0 0;padding:0;vertical-align:middle}.inputcheckbox{border:0;vertical-align:middle}.inputbutton,.inputsubmit{background-color:#4267b2;border-color:#DADDE1 #0e1f5b #0e1f5b #d9dfea;border-style:solid;border-width:1px;color:#fff;padding:2px 15px 3px 15px;text-align:center}.inputaux{background:#ebedf0;border-color:#EBEDF0 #666 #666 #e7e7e7;color:#000}.inputsearch{background:#FFFFFF url(/rsrc.php/v3/yL/r/unHwF9CkMyM.png) no-repeat left 4px;padding-left:17px}.html{touch-action:manipulation}body{back

                                                                                                                                                                                                        Chrome Cache Entry: 995

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 541x960, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):70449
                                                                                                                                                                                                        Entropy (8bit):7.974128847108941
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:hfXQMvfILn7/W6n7pbnKmBGpsE5kSVbQuDQ3iDHmbnsgn2isjehsfH:NH6n7/WURnxsm+Vk0za96jeev
                                                                                                                                                                                                        MD5:F1F40CE487FDB9DD9238EDF1DA7D0614
                                                                                                                                                                                                        SHA1:32CE47F56D5FB3D3BDA5EAD4C0F85842DFEE6697
                                                                                                                                                                                                        SHA-256:E79DDFD320C7454FCFC2280759220447565DF5E16303CA1029950B9423BF3D22
                                                                                                                                                                                                        SHA-512:09179EEF517D6517E01E0D1884CF0940248B663F8234B8824B727D5D433069F8FA289AD74FA3FB0E5CE0703EBD30EF042BE800FD6AC1BE33A8CF11F7BC1572E3
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t51.29350-10/429155450_942910760548187_408312977174909056_n.jpg?stp=dst-jpg_s960x960&_nc_cat=1&ccb=1-7&_nc_sid=1a7029&_nc_ohc=_DL3gCyPSoQAX8-s81_&_nc_ht=scontent-lga3-2.xx&oh=00_AfAEpKE-lGj58AXeke7FnhcwpA9bLV02lTspjtVwf5WrvA&oe=65DBCDBF
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a70010000071c00003e420000624400002b4600002e5a0000b9960000ec9c000018a20000f9a6000031130100....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((..........."...............................................................................$.j].K*].....WE.."UUV%..UtP..J$.\.......D..HK.I".P..%].n.T......Qu!*BT..."..RBI.%.K(J.....*..%@..BBT..$I!....*..*....-.....T.T.%BI*T....D....Q$..D..I.ud.....L@.....!.......u!*.*....I.$$.\..R.R.U..d..HJ..Q$.T.%C..VUWD.UI.$...U.Ct.].WE..5tP..R.%.*..J.....Qr.u!r..)%J%X.T.I.%%...$*.J.ug..eUp.tJ....!bBP..V$.....(HJ.D....W@....T$.....$.T.J.J..E.8L..p3YMg.A.En. .....H.I*..tI!r..tP..$%U.5(..@ %J%J.T...6$.D........$%]-Q<.7:\...i.g4.m(....%...pb.s.I%.$*HU].J.H]H.. .....!(n........B.QU....V\.\..6.}c^~....<..;..6..UQ&)3...'...5.ug.e.........ui$....`J..X.V$..hn..QrQu 5b@3.7.^[..k;.......m.......t.....G .0. .

                                                                                                                                                                                                        Chrome Cache Entry: 996

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (467)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1883
                                                                                                                                                                                                        Entropy (8bit):5.272533861322696
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:o7Y0+YhjHcL3A6Fw2FNWp7xOHAHfIt3Rrkx5lArw:oPHcL/Fc4HA/I25l0w
                                                                                                                                                                                                        MD5:962D83C1E94431815B5E4D41344544FC
                                                                                                                                                                                                        SHA1:08B95C7A5C5D18F31823908C07C4F5D662D868D9
                                                                                                                                                                                                        SHA-256:42799DF72F65B09FB3F22A265966BB14BB376691E1C3119F4D5D537628B27486
                                                                                                                                                                                                        SHA-512:C7E3B9DC2CCE90799252ED4418718CF52023EBFA23D3FE4576CF5B82E82CCDF2C7184E1989A3A3B91DBFE2FE72BBE7E8C7354F016F4FEE10B48CFA62F91C362D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJlmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlHublJNG6l_TtY5gqKGP1QzXq7-qQ/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("iAskyc");._.ZX=function(a){_.I.call(this,a.Ha);this.window=a.Ea.window.get();this.Ac=a.Ea.Ac};_.A(_.ZX,_.I);_.ZX.Na=_.I.Na;_.ZX.Ba=function(){return{Ea:{window:_.lr,Ac:_.kC}}};_.ZX.prototype.Gn=function(){};_.ZX.prototype.addEncryptionRecoveryMethod=function(){};_.$X=function(a){return(null==a?void 0:a.aq)||function(){}};_.aY=function(a){return(null==a?void 0:a.mca)||function(){}};_.bY=function(a){return(null==a?void 0:a.cq)||function(){}};._.Szb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.cY=function(a){setTimeout(function(){throw a;},0)};_.ZX.prototype.fJ=function(){return!0};_.ir(_.im,_.ZX);._.l();._.k("ziXSP");.var AY=function(a){_.ZX.call(this,a.Ha)};_.A(AY,_.ZX);AY.Na=_.ZX.Na;AY.Ba=_.ZX.Ba;AY.prototype.Gn=function(a,b,c){var d;i

                                                                                                                                                                                                        Chrome Cache Entry: 997

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:ASCII text, with very long lines (826)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):8035
                                                                                                                                                                                                        Entropy (8bit):5.326116877567392
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:pNBJ9Tx7uwdSRaZmE0038aItvixxzH4PAlIzBAWn/KrYBcD29Q/oRlPMdj:NfhuwdSRaz0X6zHmAlIzBAg/U7j
                                                                                                                                                                                                        MD5:2E3BCD65DA0340763C89F80490330A42
                                                                                                                                                                                                        SHA1:E675F695B01C12B0C2A612324C3DFAD32E6C35D6
                                                                                                                                                                                                        SHA-256:4BE289F884220CE74DC4CB6C410BC78F4DC67D9E5E8BE55E9E59A87DFA62A2CE
                                                                                                                                                                                                        SHA-512:61BE2DC7075F16BC9B4DD6C9B5C1A76C1F65D7D1A99D0843555B64F9283A195505FA966F0A7D3F3FB189483C5CF53C19D6429E773B2A554928A53DE5AE171D8C
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.J6zlSvuPGsg.es5.O/ck=boq-identity.AccountsSignInUi.y688-Pa0BpE.L.B1.O/am=P2CJhmMBEISZlnP-nnFyGAAAAAAAAAAArAHs/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,XiNDcc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,iAskyc,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,ziXSP,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFQ8tmzv79x_nJGIapLTY1tp-HlWA/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:yt7X5e;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
                                                                                                                                                                                                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.lLa=_.y("wg1P6b",[_.Px,_.km]);._.k("wg1P6b");.var u0a=function(a,b){b=b||_.La;for(var c=0,d=a.length,e;c<d;){var f=c+(d-c>>>1);var g=b(0,a[f]);0<g?c=f+1:(d=f,e=!g)}return e?c:-c-1},v0a=function(a,b){for(;b=b.previousSibling;)if(b==a)return-1;return 1},w0a=function(a,b){var c=a.parentNode;if(c==b)return-1;for(;b.parentNode!=c;)b=b.parentNode;return v0a(b,a)},x0a=function(a,b){if(a==b)return 0;if(a.compareDocumentPosition)return a.compareDocumentPosition(b)&2?1:-1;if(_.Yg&&!(9<=Number(_.hh))){if(9==a.nodeType)return-1;if(9==b.nodeType)return 1}if("sourceIndex"in.a||a.parentNode&&"sourceIndex"in a.parentNode){var c=1==a.nodeType,d=1==b.nodeType;if(c&&d)return a.sourceIndex-b.sourceIndex;var e=a.parentNode,f=b.parentNode;return e==f?v0a(a,b):!c&&_.Ph(e,b)?-1*w0a(a,b):!d&&_.Ph(f,a)?w0a(b,a):(c?a.sourceIndex:e.sourceIndex)-(d?b.sourceIndex:f.sourceIndex)}d=_.Ch(a);c=d.createRange

                                                                                                                                                                                                        Chrome Cache Entry: 998

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):1571
                                                                                                                                                                                                        Entropy (8bit):6.977108481507109
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:48:gWUXiWdhTN+VgdWmrkHDpDCOAHntXQdVmOBrwZ:mCArodDT4ntAdVn0
                                                                                                                                                                                                        MD5:EFB5F12C6E9E89898B5B92091B6C32AA
                                                                                                                                                                                                        SHA1:CD5B72EC38AC5AA86383B746324555D425456D1D
                                                                                                                                                                                                        SHA-256:BFB434B05ECBAE23A0D1480977E3019A34A4E1100E624886D4952901A12BE56A
                                                                                                                                                                                                        SHA-512:19C8BC17CB9A8EFC01E01A75E1812617B393D3D460FA823A488E726F51AED71523B2C29D544CC5B679073B73B5919BC711C6EE003A67938A1E7A8CA47F10A348
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://scontent-lga3-2.xx.fbcdn.net/v/t39.30808-1/402507106_3366840493461901_8064181354331655882_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=11e7ab&_nc_ohc=hvDkMtWtGrUAX9qc80G&_nc_ht=scontent-lga3-2.xx&oh=00_AfC2oOEs3vGnFcXN-kNhCahLiakPAHvehQ2Xf1xwQah5BA&oe=65DBCB37
                                                                                                                                                                                                        Preview:......JFIF..............Photoshop 3.0.8BIM.......h..(.bFBMD0a000a6e010000e301000072020000ab020000f3020000ad0300005c04000094040000d20400001805000023060000....C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......2.2.."...............................................................................v...t.=...CJ.S.E.8sK..Q*.{..3......n......^.`.>XW.....A-0.__..."............................"#01...........,/P....2...&D.>....jXz...zy.-..Fy...c-..^^y.L.(.1b.@.+.Hiu$.m.x.^d......=.6...Nk.....Q.{_..ng=s.............................!1........?..tk)-8..J.uZ=.|............................1..!........?...".T.1.N.uh.rn?...+......................!1..."A#2BQq... 03a........?..,.B.S....v.Z....R^b:n..~5.......lt3xc.4V..C.S..J...^...$(.....q...42.l..C?EH.A{GT..v........f......1.I.........m..i.............$....................!1AQaq.....0..........?!.82.3v...........{.F.n..I....="9h...."\_..b.i

                                                                                                                                                                                                        Chrome Cache Entry: 999

                                                                                                                                                                                                        Download File
                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (36945)
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):140181
                                                                                                                                                                                                        Entropy (8bit):5.409251244220194
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:1536:erEarAE8EkFanSN/mFOB/mltKmLdEIwQGNGra3mRuh/sFhFHNreDog0akXkQhWt+:eW0xPENJ3mRu/sj9NrTZakWt6eA2+H
                                                                                                                                                                                                        MD5:9B573BCB718A31275EC0B4311CE4A433
                                                                                                                                                                                                        SHA1:28550F57CF577ED9068488EC42536C433B1992FB
                                                                                                                                                                                                        SHA-256:BCE5FAC70A3C1EE99224DA729B39386CEF6DB6025B5533F73BEB049D7BB8B193
                                                                                                                                                                                                        SHA-512:E3958DE26BA3B279EC2E3BBFF880A64AF89BCDD55CEE074161B13ECA6508B207FDC347AA1995AD03BD954D0C793281B1E389259AA262986E1AE0CFA0EB345BB5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        URL:https://platform.linkedin.com/litms/utag/checkpoint-frontend/utag.js?cb=1708533600000
                                                                                                                                                                                                        Preview:var tealiumDil,utag_condload=!1;window.__tealium_twc_switch=!1;try{try{var landingPageUrl=sessionStorage.getItem("utagLandingPage");landingPageUrl&&sessionStorage.removeItem("utagLandingPage")}catch(e){console.log(e)}}catch(e){console.log(e)}if(void 0===utag&&!utag_condload){var utag={id:"linkedin.checkpoint-frontend",o:{},sender:{},send:{},rpt:{ts:{a:new Date}},dbi:[],db_log:[],loader:{q:[],lc:0,f:{},p:0,ol:0,wq:[],lq:[],bq:{},bk:{},rf:0,ri:0,rp:0,rq:[],ready_q:[],sendq:{pending:0},run_ready_q:function(){for(var e=0;e<utag.loader.ready_q.length;e++){utag.DB("READY_Q:"+e);try{utag.loader.ready_q[e]()}catch(e){utag.DB(e)}}},lh:function(e,t,n){return t=(e=""+location.hostname).split("."),n=/\.co\.|\.com\.|\.org\.|\.edu\.|\.net\.|\.asn\.|\...\.jp$/.test(e)?3:2,t.splice(t.length-n,n).join(".")},WQ:function(e,t,n,a,i){utag.DB("WQ:"+utag.loader.wq.length);try{utag.udoname&&utag.udoname.indexOf(".")<0&&utag.ut.merge(utag.data,window[utag.udoname],0),utag.cfg.load_rules_at_wait&&utag.handler.L

                                                                                                                                                                                                        Static File Info

                                                                                                                                                                                                        General

                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Entropy (8bit):7.960876666522179
                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                        File name:SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        File size:2'300'928 bytes
                                                                                                                                                                                                        MD5:412b746e17540448a98a952b5eb29744
                                                                                                                                                                                                        SHA1:684a4276f34154fe2773f1afb095ad26a19e1823
                                                                                                                                                                                                        SHA256:9f121f9e36a53eb08ff86c94cf9678245d0c1d56670118d44351bea52e74aec7
                                                                                                                                                                                                        SHA512:d4469252af0eb46aacd86bb90b1d15acccd48a07eb8f57a397f1ef3a9e35b7a642aab8588945b85a47fdac26df488dbb6d81721049f09feffd6caef4e2b5b08c
                                                                                                                                                                                                        SSDEEP:49152:60MC0ftOfWFWf7oqN1JzRRnt9iokxHbvJzyD6CdRhx2Z:6050ftOfWI539Xtkokx7dEjdjxE
                                                                                                                                                                                                        TLSH:98B533D6AD9BDB66C8AD65F98A9CDB13B055F072899E074CBC68326F730F5C3A4440B0
                                                                                                                                                                                                        File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......C...............L.......L.......L.......H.G.....H.......H.......H...R...L.......L.......L.........................E.......-....

                                                                                                                                                                                                        File Icon

                                                                                                                                                                                                        Icon Hash:b2b2b3b2e4e66638

                                                                                                                                                                                                        Static PE Info

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Entrypoint:0x98e000
                                                                                                                                                                                                        Entrypoint Section:.taggant
                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                        Time Stamp:0x65D4404E [Tue Feb 20 06:01:50 2024 UTC]
                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                        OS Version Major:6
                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                        File Version Major:6
                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                        Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                                                                                                        Entrypoint Preview

                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                        jmp 00007FDD2C620F2Ah
                                                                                                                                                                                                        psubd mm4, qword ptr [edx]
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add cl, ch
                                                                                                                                                                                                        add byte ptr [eax], ah
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [0000000Ah], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], dl
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [edx], al
                                                                                                                                                                                                        or al, byte ptr [eax]
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [0200000Ah], al
                                                                                                                                                                                                        or al, byte ptr [eax]
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [ecx], al
                                                                                                                                                                                                        add byte ptr [eax], 00000000h
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        adc byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                        add eax, 0000000Ah
                                                                                                                                                                                                        add byte ptr [eax], al

                                                                                                                                                                                                        Data Directories

                                                                                                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x13b0540x68.idata
                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x1370000x3168.rsrc
                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x13b1f80x8.idata
                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                        Sections

                                                                                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                        0x10000x1360000x8f0000fad1d5c1acb80d97faa8262eca32868False0.9993187964379371data7.986030065230696IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                        .rsrc0x1370000x31680x1800f6f4f17236971140311922c49ba4a3d1False0.9192708333333334data7.6177631908058IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                        .idata 0x13b0000x10000x2001e17ac6f9d72045027c75c82e74ad637False0.14453125data0.9942709484982628IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                        0x13c0000x2b30000x2009b07f7162d96f0b15f6a28d1a943f912unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                        jqngduam0x3ef0000x19e0000x19d80042a7731126948844a849d66d072ed894False0.9906464914600968OpenPGP Public Key7.951459786801299IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                        kbulycau0x58d0000x10000x600cd09153200e80354d9ee6e9e0cca4592False0.580078125data4.967430797404031IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                        .taggant0x58e0000x30000x22004b210d758c37bdc36db44ec1ad285aa5False0.06721047794117647DOS executable (COM)0.7159838336900303IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                                                        Resources

                                                                                                                                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                        RT_ICON0x5897440x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0RussianRussia0.3333333333333333
                                                                                                                                                                                                        RT_ICON0x589a2c0x128Device independent bitmap graphic, 16 x 32 x 4, image size 0RussianRussia0.5777027027027027
                                                                                                                                                                                                        RT_ICON0x589b540x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0RussianRussia0.4165162454873646
                                                                                                                                                                                                        RT_ICON0x58a3fc0x568Device independent bitmap graphic, 16 x 32 x 8, image size 0RussianRussia0.42991329479768786
                                                                                                                                                                                                        RT_ICON0x58a9640x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0RussianRussia0.5159474671669794
                                                                                                                                                                                                        RT_ICON0x58ba0c0x468Device independent bitmap graphic, 16 x 32 x 32, image size 0RussianRussia0.6338652482269503
                                                                                                                                                                                                        RT_GROUP_ICON0x58be740x5adataRussianRussia0.7111111111111111
                                                                                                                                                                                                        RT_VERSION0x58bece0x33cdataRussianRussia0.44806763285024154
                                                                                                                                                                                                        RT_MANIFEST0x58c20a0x2e6XML 1.0 document, ASCII text, with CRLF line terminators0.45417789757412397
                                                                                                                                                                                                        RT_MANIFEST0x58c4f00x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                                                                                                                                                                                                        Imports

                                                                                                                                                                                                        DLLImport
                                                                                                                                                                                                        kernel32.dlllstrcpy

                                                                                                                                                                                                        Possible Origin

                                                                                                                                                                                                        Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                        RussianRussia
                                                                                                                                                                                                        EnglishUnited States

                                                                                                                                                                                                        Network Behavior

                                                                                                                                                                                                        Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                                                        Statistics

                                                                                                                                                                                                        CPU Usage

                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                        Memory Usage

                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                        High Level Behavior Distribution

                                                                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                                                                        Behavior

                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                        System Behavior

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                        Start time:16:24:03
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.32025.7334.exe
                                                                                                                                                                                                        Imagebase:0xb60000
                                                                                                                                                                                                        File size:2'300'928 bytes
                                                                                                                                                                                                        MD5 hash:412B746E17540448A98A952B5EB29744
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                                        Start time:16:24:07
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                                                                                                                                                                                                        Imagebase:0x3f0000
                                                                                                                                                                                                        File size:187'904 bytes
                                                                                                                                                                                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                        Start time:16:24:07
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                        Start time:16:24:07
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
                                                                                                                                                                                                        Imagebase:0x3f0000
                                                                                                                                                                                                        File size:187'904 bytes
                                                                                                                                                                                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                        Start time:16:24:07
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                        Start time:16:24:07
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        Imagebase:0xf0000
                                                                                                                                                                                                        File size:2'300'928 bytes
                                                                                                                                                                                                        MD5 hash:412B746E17540448A98A952B5EB29744
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                        • Detection: 55%, ReversingLabs
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                        Start time:16:24:07
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                        Imagebase:0xf0000
                                                                                                                                                                                                        File size:2'300'928 bytes
                                                                                                                                                                                                        MD5 hash:412B746E17540448A98A952B5EB29744
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:17
                                                                                                                                                                                                        Start time:16:24:16
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                                                                                                                                                                                                        Imagebase:0x840000
                                                                                                                                                                                                        File size:2'300'928 bytes
                                                                                                                                                                                                        MD5 hash:412B746E17540448A98A952B5EB29744
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                        • Detection: 55%, ReversingLabs
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:19
                                                                                                                                                                                                        Start time:16:24:22
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Users\user~1\AppData\Local\Temp\heidiP2OuO4KF0LZU\S7SZCszMQx8n9dmoMncg.exe"
                                                                                                                                                                                                        Imagebase:0x440000
                                                                                                                                                                                                        File size:918'528 bytes
                                                                                                                                                                                                        MD5 hash:17FEBB6CBC56CF10917289FA796F1554
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                        • Detection: 24%, ReversingLabs
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:20
                                                                                                                                                                                                        Start time:16:24:22
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/
                                                                                                                                                                                                        Imagebase:0x7ff6c4390000
                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:21
                                                                                                                                                                                                        Start time:16:24:22
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login
                                                                                                                                                                                                        Imagebase:0x7ff6c4390000
                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:22
                                                                                                                                                                                                        Start time:16:24:23
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/video
                                                                                                                                                                                                        Imagebase:0x7ff6c4390000
                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:24
                                                                                                                                                                                                        Start time:16:24:23
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1900,i,12042421020142427047,15786954676034076756,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                        Imagebase:0x7ff6c4390000
                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:25
                                                                                                                                                                                                        Start time:16:24:23
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1912,i,14123316736380451074,15008792521962585165,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                        Imagebase:0x7ff6c4390000
                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:26
                                                                                                                                                                                                        Start time:16:24:24
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2004,i,17548813359493007476,4145100225753045264,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                        Imagebase:0x7ff6c4390000
                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:27
                                                                                                                                                                                                        Start time:16:24:25
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/
                                                                                                                                                                                                        Imagebase:0x7ff6c4390000
                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:28
                                                                                                                                                                                                        Start time:16:24:25
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                                                                                                                                                                                                        Imagebase:0x840000
                                                                                                                                                                                                        File size:2'300'928 bytes
                                                                                                                                                                                                        MD5 hash:412B746E17540448A98A952B5EB29744
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:29
                                                                                                                                                                                                        Start time:16:24:25
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1960,i,1618289422158722010,7429834957061146292,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                        Imagebase:0x7ff6c4390000
                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:30
                                                                                                                                                                                                        Start time:16:24:26
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com
                                                                                                                                                                                                        Imagebase:0x7ff7fb980000
                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:31
                                                                                                                                                                                                        Start time:16:24:26
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video
                                                                                                                                                                                                        Imagebase:0x7ff7fb980000
                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:32
                                                                                                                                                                                                        Start time:16:24:26
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
                                                                                                                                                                                                        Imagebase:0x7ff7fb980000
                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:33
                                                                                                                                                                                                        Start time:16:24:26
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
                                                                                                                                                                                                        Imagebase:0x7ff6c4390000
                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:34
                                                                                                                                                                                                        Start time:16:24:27
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
                                                                                                                                                                                                        Imagebase:0x7ff6c4390000
                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:35
                                                                                                                                                                                                        Start time:16:24:27
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 HR" /sc HOURLY /rl HIGHEST
                                                                                                                                                                                                        Imagebase:0x3f0000
                                                                                                                                                                                                        File size:187'904 bytes
                                                                                                                                                                                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:36
                                                                                                                                                                                                        Start time:17:38:34
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2064,i,13272552955058679350,15913954508286482383,262144 /prefetch:3
                                                                                                                                                                                                        Imagebase:0x7ff7fb980000
                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:37
                                                                                                                                                                                                        Start time:17:38:34
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2064,i,3932159021268247471,17896344974051134979,262144 /prefetch:3
                                                                                                                                                                                                        Imagebase:0x7ff7fb980000
                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:38
                                                                                                                                                                                                        Start time:17:38:34
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:39
                                                                                                                                                                                                        Start time:17:38:34
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.facebook.com/video
                                                                                                                                                                                                        Imagebase:0x7ff7fb980000
                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:40
                                                                                                                                                                                                        Start time:17:38:34
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1076 --field-trial-handle=1440,i,723544732951361242,13798842814435574485,262144 /prefetch:3
                                                                                                                                                                                                        Imagebase:0x7ff7fb980000
                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:41
                                                                                                                                                                                                        Start time:17:38:34
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
                                                                                                                                                                                                        Imagebase:0x7ff6c4390000
                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:42
                                                                                                                                                                                                        Start time:17:38:35
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
                                                                                                                                                                                                        Imagebase:0x7ff722870000
                                                                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:43
                                                                                                                                                                                                        Start time:17:38:35
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 LG" /sc ONLOGON /rl HIGHEST
                                                                                                                                                                                                        Imagebase:0x3f0000
                                                                                                                                                                                                        File size:187'904 bytes
                                                                                                                                                                                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:44
                                                                                                                                                                                                        Start time:17:38:35
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
                                                                                                                                                                                                        Imagebase:0x7ff722870000
                                                                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:45
                                                                                                                                                                                                        Start time:17:38:35
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:46
                                                                                                                                                                                                        Start time:17:38:35
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe
                                                                                                                                                                                                        Imagebase:0x480000
                                                                                                                                                                                                        File size:1'902'080 bytes
                                                                                                                                                                                                        MD5 hash:07D7F9FCE107448C2D383A87DE39AFB2
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002E.00000003.1644044585.0000000004B00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002E.00000002.1768331607.0000000000481000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                        • Detection: 100%, Avira
                                                                                                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:47
                                                                                                                                                                                                        Start time:17:38:36
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=1988,i,4751795589634086725,15677866470349412690,262144 /prefetch:3
                                                                                                                                                                                                        Imagebase:0x7ff7fb980000
                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:48
                                                                                                                                                                                                        Start time:17:38:36
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
                                                                                                                                                                                                        Imagebase:0x7ff722870000
                                                                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:49
                                                                                                                                                                                                        Start time:17:38:38
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com --attempting-deelevation
                                                                                                                                                                                                        Imagebase:0x7ff722870000
                                                                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:50
                                                                                                                                                                                                        Start time:17:38:38
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video --attempting-deelevation
                                                                                                                                                                                                        Imagebase:0x7ff722870000
                                                                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:51
                                                                                                                                                                                                        Start time:17:38:39
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
                                                                                                                                                                                                        Imagebase:0x7ff722870000
                                                                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Target ID:53
                                                                                                                                                                                                        Start time:17:38:39
                                                                                                                                                                                                        Start date:21/02/2024
                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com --attempting-deelevation
                                                                                                                                                                                                        Imagebase:0x7ff722870000
                                                                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        Disassembly

                                                                                                                                                                                                        Reset < >

                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                          Execution Coverage:13.4%
                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:7.5%
                                                                                                                                                                                                          Signature Coverage:69.9%
                                                                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                                                                          Total number of Limit Nodes:142
                                                                                                                                                                                                          execution_graph 73906 c4cdc2 73909 c4cc32 73906->73909 73912 c4cc5f std::locale::_Setgloballocale 73909->73912 73911 c4cca8 73913 c4ccae 73911->73913 73920 c4ccc9 73911->73920 73916 c4cac3 73912->73916 73917 c4cacf __fread_nolock std::_Lockit::_Lockit 73916->73917 73923 c4cb4a 73917->73923 73919 c4cae6 std::locale::_Setgloballocale 73919->73911 73921 c4ccd3 std::locale::_Setgloballocale 73920->73921 73922 c4ccef ExitProcess 73921->73922 73924 c4cb56 __fread_nolock std::locale::_Setgloballocale 73923->73924 73925 c4cbba std::locale::_Setgloballocale 73924->73925 73927 c4ffc4 RtlFreeHeap __EH_prolog3 std::locale::_Init std::locale::_Setgloballocale 73924->73927 73925->73919 73927->73925 73928 b7a150 73929 b7a1bf __fread_nolock 73928->73929 73930 b7a47f 73929->73930 73931 b7a2cf 73929->73931 74011 b62040 73930->74011 73990 bcd850 73931->73990 73934 b7a2f5 74005 bc5b90 73934->74005 73935 b7a484 74014 c42350 73935->74014 73938 b7a306 73938->73935 73939 b7a367 73938->73939 74010 b62cc0 ExitProcess RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 73939->74010 73940 c42350 3 API calls 73946 b7a48e 73940->73946 73942 c42350 3 API calls 73943 b7c2fa 73942->73943 73944 b7a462 73945 b7a3a2 73945->73940 73945->73944 73966 b7c1ab Concurrency::cancel_current_task 73946->73966 74017 b62830 73946->74017 73948 b7c23d 73949 b7a59c 74033 bc5e10 73949->74033 73951 b7a5af 74050 b6c430 73951->74050 73966->73942 73966->73948 73991 bcd883 73990->73991 73996 bcd8ae std::_Locinfo::_Locinfo_ctor 73990->73996 73992 bcd890 73991->73992 73993 bcd8dc 73991->73993 73994 bcd8d3 73991->73994 74146 c3ce31 73992->74146 73993->73996 73999 c3ce31 std::_Facet_Register 4 API calls 73993->73999 73994->73992 73995 bcd92d 73994->73995 74154 b61fa0 4 API calls 2 library calls 73995->74154 73996->73934 73999->73996 74000 bcd8a3 74000->73996 74001 c42350 3 API calls 74000->74001 74002 bcd937 74001->74002 74155 c4b376 74002->74155 74004 bcd954 74004->73934 74006 bc5ba4 74005->74006 74009 bc5bb4 std::_Locinfo::_Locinfo_ctor 74006->74009 74174 bcbc40 4 API calls 3 library calls 74006->74174 74008 bc5bfa 74008->73938 74009->73938 74010->73945 74175 c3b28b 4 API calls 2 library calls 74011->74175 74176 c4228c ExitProcess RtlAllocateHeap RtlFreeHeap __fread_nolock 74014->74176 74016 c4235f __Getctype 74018 b62846 74017->74018 74019 b628f5 74017->74019 74022 b62852 std::_Locinfo::_Locinfo_ctor 74018->74022 74023 b6287a 74018->74023 74025 b628b5 74018->74025 74026 b628be 74018->74026 74020 b62040 4 API calls 74019->74020 74021 b628fa 74020->74021 74177 b61fa0 4 API calls 2 library calls 74021->74177 74022->73949 74027 c3ce31 std::_Facet_Register 4 API calls 74023->74027 74025->74021 74025->74023 74029 c3ce31 std::_Facet_Register 4 API calls 74026->74029 74032 b62896 std::_Locinfo::_Locinfo_ctor 74026->74032 74028 b6288d 74027->74028 74030 c42350 3 API calls 74028->74030 74028->74032 74029->74032 74031 b62904 74030->74031 74032->73949 74034 bc5e3a 74033->74034 74035 bc5e4b 74034->74035 74036 bc5ef2 74034->74036 74037 bc5e57 std::_Locinfo::_Locinfo_ctor 74035->74037 74039 bc5e7c 74035->74039 74042 bc5ebe 74035->74042 74043 bc5eb5 74035->74043 74038 b62040 4 API calls 74036->74038 74037->73951 74040 bc5ef7 74038->74040 74044 c3ce31 std::_Facet_Register 4 API calls 74039->74044 74178 b61fa0 4 API calls 2 library calls 74040->74178 74046 c3ce31 std::_Facet_Register 4 API calls 74042->74046 74048 bc5e96 std::_Locinfo::_Locinfo_ctor 74042->74048 74043->74039 74043->74040 74045 bc5e8f 74044->74045 74047 c42350 3 API calls 74045->74047 74045->74048 74046->74048 74049 bc5f01 74047->74049 74048->73951 74049->73951 74052 b6c4bc 74050->74052 74051 b6c724 74052->74051 74055 b62830 4 API calls 74052->74055 74069 b6c640 74052->74069 74070 b6c5cf 74052->74070 74179 bd2a00 74052->74179 74055->74052 74149 c3ce36 std::_Facet_Register 74146->74149 74148 c3ce50 74148->74000 74149->74148 74151 b61fa0 Concurrency::cancel_current_task 74149->74151 74158 c4bacc 74149->74158 74150 c3ce5c 74150->74150 74151->74150 74162 c3e1f1 74151->74162 74154->74000 74171 c54953 74155->74171 74157 c4b38e 74157->74004 74159 c549cd __Getctype std::_Facet_Register 74158->74159 74160 c54a09 74159->74160 74161 c549f6 RtlAllocateHeap 74159->74161 74160->74149 74161->74159 74161->74160 74163 c3e1fe 74162->74163 74169 b61fe3 74162->74169 74164 c4bacc ___std_exception_copy RtlAllocateHeap 74163->74164 74163->74169 74165 c3e21b 74164->74165 74166 c3e22b 74165->74166 74170 c53258 ExitProcess RtlAllocateHeap RtlFreeHeap __fread_nolock 74165->74170 74168 c4b376 ___std_exception_destroy RtlFreeHeap 74166->74168 74168->74169 74169->74000 74170->74166 74172 c5495e RtlFreeHeap 74171->74172 74173 c54973 __dosmaperr 74171->74173 74172->74173 74173->74157 74174->74008 74176->74016 74177->74028 74178->74045 74250 b7dbb0 WSAStartup 74251 b7dbe8 74250->74251 74255 b7dca6 74250->74255 74252 b7dc74 socket 74251->74252 74251->74255 74253 b7dc8a connect 74252->74253 74252->74255 74254 b7dc9c closesocket 74253->74254 74253->74255 74254->74252 74254->74255 74256 baf190 74257 baf1b6 74256->74257 74258 bb333b 74257->74258 74259 baf1e1 74257->74259 74330 b62700 4 API calls 74257->74330 74332 b8de70 15 API calls 74257->74332 74260 bc5e10 4 API calls 74259->74260 74261 bc5e10 4 API calls 74259->74261 74260->74259 74262 baf225 74261->74262 74263 baf26b 74262->74263 74265 baf27c 74263->74265 74264 b62830 4 API calls 74264->74265 74265->74264 74266 b62830 4 API calls 74265->74266 74267 baf2fb 74266->74267 74269 baf323 74267->74269 75170 bb2ec2 74267->75170 75171 b8de70 74267->75171 74273 baf335 74269->74273 74270 bc5e10 4 API calls 74271 bb2ee3 74270->74271 74272 bc5e10 4 API calls 74271->74272 74279 bb2eff 74272->74279 74274 baf351 74273->74274 74275 bc5e10 4 API calls 74274->74275 74276 baf359 74275->74276 74278 baf370 74276->74278 74277 b62830 4 API calls 74277->74279 74280 baf377 74278->74280 74279->74277 74283 bb2fa0 74279->74283 74281 bc5e10 4 API calls 74280->74281 74282 baf37f 74281->74282 74284 b62700 4 API calls 74282->74284 74283->74283 74285 b62830 4 API calls 74283->74285 74286 baf3b9 74284->74286 74287 bb2fdd 74285->74287 74290 b62700 4 API calls 74286->74290 74288 b8de70 15 API calls 74287->74288 74289 bc5e10 4 API calls 74287->74289 74288->74287 74295 bb3016 74289->74295 74291 baf3f8 74290->74291 74293 b8de70 15 API calls 74291->74293 74292 bc5e10 4 API calls 74292->74295 74294 baf40c 74293->74294 74297 baf421 74294->74297 74295->74292 74296 bb3060 74295->74296 74303 bb307b 74296->74303 74298 baf43d 74297->74298 74299 b62830 4 API calls 74299->74303 74303->74299 74309 bb3107 74303->74309 74305 b62830 4 API calls 74305->74309 74308 b8de70 15 API calls 74308->74309 74309->74305 74309->74308 74313 bb313e 74309->74313 74315 bb315a 74313->74315 74318 bc5e10 4 API calls 74315->74318 74319 bb3169 74318->74319 74330->74257 74332->74257 75170->74270 75172 b8dece __fread_nolock 75171->75172 75228 bc9c10 75172->75228 75175 b8ebb9 75177 b62700 4 API calls 75175->75177 75176 b8df2d 75178 bc5e10 4 API calls 75176->75178 75179 b8ebc9 75177->75179 75180 b8df3e 75178->75180 75331 bc4ab0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 75179->75331 75236 b80780 75180->75236 75183 b8ebdf 75185 b62660 3 API calls 75183->75185 75186 b8ebb7 75185->75186 75190 b62700 4 API calls 75186->75190 75220 b8ec44 std::_Locinfo::_Locinfo_ctor 75186->75220 75194 b8ec1f 75190->75194 75193 b8fbf0 75196 bc8000 5 API calls 75193->75196 75332 bc4ab0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 75194->75332 75205 b8df77 75196->75205 75199 b8ec35 75202 c42350 3 API calls 75204 b8fd50 75202->75204 75203 b8fd46 75207 b62040 4 API calls 75203->75207 75205->75202 75206 b8fd29 75205->75206 75206->74267 75207->75205 75210 bcd660 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 75210->75220 75211 bcbc40 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 75211->75220 75218 bcd850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 75218->75220 75219 bd2170 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 75219->75220 75220->75193 75220->75203 75220->75205 75220->75210 75220->75211 75220->75218 75220->75219 75224 b8fd60 ExitProcess RtlAllocateHeap RtlFreeHeap 75220->75224 75226 b6bf00 7 API calls 75220->75226 75227 bc5e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 75220->75227 75320 bc5b20 75220->75320 75224->75220 75226->75220 75227->75220 75229 bc9c25 75228->75229 75229->75229 75230 bc9c5f 75229->75230 75231 bc9c3f 75229->75231 75232 b62040 4 API calls 75230->75232 75234 bcd850 4 API calls 75231->75234 75233 bc9c64 75232->75233 75235 b8df05 75234->75235 75235->75175 75235->75176 75237 b807f2 75236->75237 75238 b62040 4 API calls 75237->75238 75239 b80b87 75238->75239 75240 c42350 3 API calls 75239->75240 75241 b80b8c 75240->75241 75333 bc3c50 75241->75333 75321 bc5b30 75320->75321 75321->75321 75331->75183 75332->75199 75432 bc7b50 75333->75432 76213 bbd030 76214 bbd078 76213->76214 76215 bbd064 76213->76215 76216 bc5e10 4 API calls 76215->76216 76217 bbd073 76216->76217 76219 b9d5a0 76217->76219 76220 b9d5f8 __fread_nolock 76219->76220 76221 b62830 4 API calls 76220->76221 76222 b9d67e 76221->76222 76223 bc9c70 4 API calls 76222->76223 76226 b9d697 76223->76226 76224 c3c3b3 GetSystemTimePreciseAsFileTime 76230 b9d702 76224->76230 76225 b9ed0d 76228 c42350 3 API calls 76225->76228 76226->76224 76226->76225 76227 b9ed12 76321 c3c05c 8 API calls std::locale::_Setgloballocale 76227->76321 76228->76227 76230->76227 76230->76230 76233 b9d72f GetFileAttributesA 76230->76233 76239 b9ec1d __Mtx_unlock 76230->76239 76231 b9ed18 76232 b62040 4 API calls 76231->76232 76234 b9ed1d 76232->76234 76243 b9d741 __Mtx_unlock 76233->76243 76322 c3c05c 8 API calls std::locale::_Setgloballocale 76234->76322 76236 b9ed23 76237 b62040 4 API calls 76236->76237 76238 b9ed28 76237->76238 76240 c42350 3 API calls 76238->76240 76239->76214 76241 b9ed2d 76240->76241 76242 b62040 4 API calls 76241->76242 76244 b9ed46 76242->76244 76243->76231 76243->76239 76246 bcd850 4 API calls 76243->76246 76245 c42350 3 API calls 76244->76245 76248 b9d7d8 76246->76248 76249 c3c3b3 GetSystemTimePreciseAsFileTime 76248->76249 76250 b9d7fa __Mtx_unlock 76249->76250 76250->76234 76250->76236 76250->76239 76251 bcd850 4 API calls 76250->76251 76252 b9d8ec 76251->76252 76287 c42f00 76252->76287 76323 c42e3e 76287->76323 76289 c42f12 76325 c42e4a __fread_nolock 76323->76325 76324 c42e51 76334 c42340 ExitProcess RtlAllocateHeap RtlFreeHeap __fread_nolock 76324->76334 76325->76324 76326 c42e71 76325->76326 76329 c42e61 76326->76329 76330 c54228 76326->76330 76329->76289 76331 c54234 __fread_nolock std::_Lockit::_Lockit 76330->76331 76334->76329 76471 bb3910 76472 bb3950 76471->76472 76473 bc9b50 4 API calls 76472->76473 76474 bb467b 76472->76474 76476 bb4e8e 76472->76476 76475 bb39b9 76473->76475 76477 bc9b50 4 API calls 76474->76477 76594 b6bf90 76475->76594 76482 bc9b50 4 API calls 76476->76482 76485 bb5024 76476->76485 76479 bb46c2 76477->76479 76478 bb519c 76688 bc25c0 ExitProcess RtlAllocateHeap RtlFreeHeap 76478->76688 76486 c42f00 3 API calls 76479->76486 76484 bb4f0c 76482->76484 76483 bb51aa 76492 c42f00 3 API calls 76484->76492 76485->76478 76489 bc9b50 4 API calls 76485->76489 76487 bb46d6 76486->76487 76490 b62660 3 API calls 76487->76490 76488 bb39d2 76493 bb39ea 76488->76493 76603 b6c010 76488->76603 76494 bb50b1 76489->76494 76500 bb46e9 76490->76500 76495 bb4f20 76492->76495 76496 bca1b0 4 API calls 76493->76496 76497 bb4669 76493->76497 76503 bb405c 76493->76503 76499 c42f00 3 API calls 76494->76499 76498 b62660 3 API calls 76495->76498 76553 bb3a1a 76496->76553 76501 b62660 3 API calls 76497->76501 76509 bb4f33 76498->76509 76504 bb50c5 76499->76504 76500->76476 76586 b62be0 76500->76586 76501->76474 76502 bb4648 76502->76497 76511 b6c050 13 API calls 76502->76511 76503->76502 76506 bca1b0 4 API calls 76503->76506 76508 b62660 3 API calls 76504->76508 76584 bb4088 76506->76584 76507 bb404d 76634 b7c300 ExitProcess RtlAllocateHeap RtlFreeHeap 76507->76634 76515 bb50d8 76508->76515 76509->76485 76512 b62be0 6 API calls 76509->76512 76511->76497 76538 bb4f4c 76512->76538 76513 bb4702 76522 bb4ab8 76513->76522 76589 bca1b0 76513->76589 76514 bb4639 76637 b7c300 ExitProcess RtlAllocateHeap RtlFreeHeap 76514->76637 76515->76478 76518 b62be0 6 API calls 76515->76518 76517 bb501e 76520 c46788 7 API calls 76517->76520 76532 bb50f1 76518->76532 76520->76485 76521 bb4e88 76524 c46788 7 API calls 76521->76524 76522->76521 76640 bcd110 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap std::_Facet_Register 76522->76640 76524->76476 76525 bb5196 76527 c46788 7 API calls 76525->76527 76526 bb4adf 76641 bd9be0 76526->76641 76527->76478 76532->76525 76536 b62be0 6 API calls 76532->76536 76536->76532 76538->76517 76539 b62be0 6 API calls 76538->76539 76539->76538 76540 bc2b60 4 API calls 76540->76584 76545 b62830 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76545->76584 76547 bc9ec0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76547->76553 76549 bd0ef0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76549->76553 76550 b62660 ExitProcess RtlAllocateHeap RtlFreeHeap 76550->76553 76551 bc9ec0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76551->76584 76553->76507 76553->76547 76553->76549 76553->76550 76558 b6c010 10 API calls 76553->76558 76560 bc5e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76553->76560 76561 b62700 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76553->76561 76572 bc9c10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76553->76572 76573 c42f00 ExitProcess RtlAllocateHeap RtlFreeHeap 76553->76573 76575 b62be0 6 API calls 76553->76575 76578 b6bf90 10 API calls 76553->76578 76583 c46788 7 API calls 76553->76583 76611 bc7330 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap Concurrency::cancel_current_task 76553->76611 76612 bc2b60 76553->76612 76623 b6c730 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76553->76623 76624 bc8730 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap std::_Locinfo::_Locinfo_ctor 76553->76624 76625 b6bf00 76553->76625 76556 bb4728 76557 bd0ef0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76557->76584 76558->76553 76560->76553 76561->76553 76569 bc5e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76569->76584 76570 bc9c10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76570->76584 76572->76553 76573->76553 76575->76553 76576 b6bf90 10 API calls 76576->76584 76577 b6bf00 7 API calls 76577->76584 76578->76553 76579 b6c010 10 API calls 76579->76584 76580 c42f00 ExitProcess RtlAllocateHeap RtlFreeHeap 76580->76584 76581 b62be0 6 API calls 76581->76584 76582 b62660 ExitProcess RtlAllocateHeap RtlFreeHeap 76582->76584 76583->76553 76584->76514 76584->76540 76584->76545 76584->76551 76584->76557 76584->76569 76584->76570 76584->76576 76584->76577 76584->76579 76584->76580 76584->76581 76584->76582 76585 c46788 7 API calls 76584->76585 76635 bc7330 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap Concurrency::cancel_current_task 76584->76635 76636 bc8730 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap std::_Locinfo::_Locinfo_ctor 76584->76636 76585->76584 76689 b62bb0 76586->76689 76590 c3ce31 std::_Facet_Register 4 API calls 76589->76590 76591 bca1f4 76590->76591 76592 bd9be0 4 API calls 76591->76592 76593 bca21e 76592->76593 76593->76556 76595 c3c3b3 GetSystemTimePreciseAsFileTime 76594->76595 76596 b6bfa2 76595->76596 76597 b6bffe 76596->76597 76598 b6bfa9 76596->76598 76796 c3c05c 8 API calls std::locale::_Setgloballocale 76597->76796 76601 b6bfc9 __Mtx_unlock 76598->76601 76602 b6bfbd GetFileAttributesA 76598->76602 76601->76488 76602->76601 76604 c3c3b3 GetSystemTimePreciseAsFileTime 76603->76604 76605 b6c01d 76604->76605 76606 b6c024 CreateDirectoryA 76605->76606 76607 b6c03f 76605->76607 76608 b6c038 __Mtx_unlock 76606->76608 76797 c3c05c 8 API calls std::locale::_Setgloballocale 76607->76797 76608->76493 76611->76553 76613 bc2bbc 76612->76613 76616 bc2b85 Concurrency::cancel_current_task 76612->76616 76614 b62700 4 API calls 76613->76614 76615 bc2bc9 76614->76615 76798 b68740 4 API calls 2 library calls 76615->76798 76617 bc2b95 76616->76617 76619 b62700 4 API calls 76616->76619 76617->76553 76620 bc2bff 76619->76620 76799 b68740 4 API calls 2 library calls 76620->76799 76622 bc2c17 Concurrency::cancel_current_task 76623->76553 76624->76553 76626 b6bf10 76625->76626 76627 c42f00 3 API calls 76626->76627 76628 b6bf37 76627->76628 76629 c46788 7 API calls 76628->76629 76630 b6bf44 76628->76630 76629->76630 76631 b6bf73 76630->76631 76632 c42350 3 API calls 76630->76632 76631->76553 76633 b6bf89 76632->76633 76634->76503 76635->76584 76636->76584 76637->76502 76640->76526 76642 bd9c1f 76641->76642 76643 bd9dd6 76641->76643 76644 c3ce31 std::_Facet_Register 4 API calls 76642->76644 76645 b62700 4 API calls 76643->76645 76688->76483 76690 b62bc2 76689->76690 76693 c4a413 76690->76693 76694 c4a427 __fread_nolock 76693->76694 76695 c4a449 76694->76695 76697 c4a470 76694->76697 76706 c422c3 ExitProcess RtlAllocateHeap RtlFreeHeap __fread_nolock __Getctype 76695->76706 76702 c47a76 76697->76702 76698 c4a464 76700 c4207c __fread_nolock 3 API calls 76698->76700 76701 b62bcc 76700->76701 76701->76513 76703 c47a82 __fread_nolock 76702->76703 76707 c489ab 76703->76707 76706->76698 76716 c561e3 76707->76716 76709 c489d2 76723 c48bf3 76709->76723 76740 c561a5 76716->76740 76718 c561f4 76719 c549cd std::_Locinfo::_Locinfo_ctor RtlAllocateHeap 76718->76719 76722 c56256 76718->76722 76720 c5624d 76719->76720 76721 c54953 ___std_exception_destroy RtlFreeHeap 76720->76721 76721->76722 76722->76709 76741 c561b1 76740->76741 76742 c561db 76741->76742 76743 c53b22 __fread_nolock 3 API calls 76741->76743 76742->76718 76744 c561cc 76743->76744 76745 c5e8e4 __fread_nolock 3 API calls 76744->76745 76746 c561d2 76745->76746 76746->76718 76798->76616 76799->76622 76836 bb52b0 77112 bb52f3 __Mtx_unlock 76836->77112 76837 bb530b 76838 bc9b50 4 API calls 76837->76838 76840 bb7424 76838->76840 76839 bc9b50 4 API calls 76839->77112 76841 b6bf90 10 API calls 76840->76841 76842 bb743d 76841->76842 76844 bb744e CreateDirectoryA 76842->76844 76847 bb745d 76842->76847 76843 b6bf90 10 API calls 76843->77112 76845 bb8053 76844->76845 76844->76847 76849 b62660 3 API calls 76845->76849 76846 bb8038 76846->76845 76851 b6c050 13 API calls 76846->76851 76847->76846 76850 bca1b0 4 API calls 76847->76850 76848 b6c010 10 API calls 76848->77112 76852 bb8061 76849->76852 77036 bb7485 __Mtx_unlock 76850->77036 76851->76845 76853 bb8029 77193 b7c300 ExitProcess RtlAllocateHeap RtlFreeHeap 76853->77193 76856 bb82c7 76857 c42350 3 API calls 76856->76857 76859 bb82cc 76857->76859 76858 b6c050 13 API calls 76858->77112 77195 c3c05c 8 API calls std::locale::_Setgloballocale 76859->77195 76861 bb82d2 76862 b62040 4 API calls 76861->76862 76863 bb82d7 76862->76863 76864 c42350 3 API calls 76863->76864 76870 bb82dc 76864->76870 76865 bc2a50 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76865->77036 76866 bc2b60 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76866->77036 76867 bca1b0 4 API calls 76867->77036 76868 bca1b0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76868->77112 76869 bc2b60 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76869->77112 76871 bb83b8 76870->76871 76872 bba497 76870->76872 76875 bcd850 4 API calls 76871->76875 76873 b62040 4 API calls 76872->76873 76877 bba49c 76873->76877 76874 c3ce31 std::_Facet_Register 4 API calls 76874->77112 76878 bb83e1 76875->76878 76876 bcbe70 3 API calls 76876->77036 77196 c3c05c 8 API calls std::locale::_Setgloballocale 76877->77196 76881 c3c3b3 GetSystemTimePreciseAsFileTime 76878->76881 76880 bd9be0 4 API calls 76880->77112 76884 bb840e 76881->76884 76882 bc5e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76882->77036 76883 bba4a2 77197 c3c05c 8 API calls std::locale::_Setgloballocale 76883->77197 76884->76877 76886 bb8419 76884->76886 76888 bb8439 __Mtx_unlock 76886->76888 76894 bb842d GetFileAttributesA 76886->76894 76887 bba4a8 76896 c3c3b3 GetSystemTimePreciseAsFileTime 76888->76896 76905 bb8453 __Mtx_unlock 76888->76905 76889 bcbe70 ExitProcess RtlAllocateHeap RtlFreeHeap 76889->77112 76891 bba4ad 76892 bc5e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76892->77112 76894->76888 76894->76905 76895 bb82ae Concurrency::cancel_current_task 76898 b62040 4 API calls 76895->76898 76899 bb848d 76896->76899 76897 bba4b3 76898->76856 76899->76883 76900 bb8498 CreateDirectoryA 76899->76900 76900->76905 76902 bc5b90 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76902->77112 76903 bba4b9 76916 c3ce31 std::_Facet_Register 4 API calls 76905->76916 76930 bb9303 76905->76930 76950 bb92db 76905->76950 76906 bba4be 76907 bc5b90 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76907->77036 76909 bc5b20 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76909->77036 76910 c3c3b3 GetSystemTimePreciseAsFileTime 76910->77036 76911 b62700 4 API calls 76911->77036 76912 bc5b20 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76912->77112 76913 bba4c4 76914 b6c050 13 API calls 76914->76930 76915 b62040 4 API calls 76920 bb8213 76915->76920 76923 bb850e 76916->76923 76917 b62660 ExitProcess RtlAllocateHeap RtlFreeHeap 76917->77036 76918 bcd850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76918->77112 77194 c3c05c 8 API calls std::locale::_Setgloballocale 76920->77194 76921 b62700 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76921->77112 76922 bc9c10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76922->77036 76926 bd9be0 4 API calls 76923->76926 76924 bba4ca 77113 bb8537 __Mtx_unlock 76926->77113 76928 bc9c10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76928->77112 76929 bb8219 76933 b62040 4 API calls 76929->76933 76934 bb9398 76930->76934 76935 bba4e3 76930->76935 76931 c42f00 3 API calls 76931->77036 76932 bba4cf 76938 bb821e 76933->76938 76940 bcd850 4 API calls 76934->76940 76939 b62040 4 API calls 76935->76939 76936 b6bf90 10 API calls 76936->77036 76952 b62700 4 API calls 76938->76952 76944 bba4e8 76939->76944 76945 bb93be 76940->76945 76941 bb92bd 76942 c3c3b3 GetSystemTimePreciseAsFileTime 76942->77112 76943 bba4d4 77202 c3c05c 8 API calls std::locale::_Setgloballocale 76944->77202 76954 c3c3b3 GetSystemTimePreciseAsFileTime 76945->76954 76946 bcd850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76946->77036 76950->76914 76950->76930 76951 bba4d9 76956 bb822f 76952->76956 76963 bc9c70 4 API calls 76956->76963 76959 bcd660 4 API calls 76959->77036 76961 c42f00 ExitProcess RtlAllocateHeap RtlFreeHeap 76961->77112 76962 bba4de 76967 bb8244 76963->76967 76971 b68920 4 API calls 76967->76971 76970 bc2a50 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76970->77112 76980 bb825c Concurrency::cancel_current_task 76971->76980 76979 bcd660 4 API calls 76979->77112 76986 b62700 4 API calls 76980->76986 76984 bc2b60 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 76984->77113 76985 c46788 7 API calls 76985->77036 76989 bb8281 76986->76989 76992 bc9c70 4 API calls 76989->76992 76991 c3ce31 std::_Facet_Register 4 API calls 76991->77113 76995 bb8296 76992->76995 76994 b62660 ExitProcess RtlAllocateHeap RtlFreeHeap 76994->77112 77002 b68920 4 API calls 76995->77002 77001 bd9be0 4 API calls 77001->77113 77002->76895 77008 c46788 7 API calls 77008->77112 77011 bcbe70 3 API calls 77011->77113 77014 bc9ec0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77014->77036 77019 bc5e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77019->77113 77033 bd0ef0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77033->77036 77034 b62be0 6 API calls 77034->77036 77036->76853 77036->76856 77036->76859 77036->76861 77036->76863 77036->76865 77036->76866 77036->76867 77036->76876 77036->76882 77036->76895 77036->76907 77036->76909 77036->76910 77036->76911 77036->76917 77036->76922 77036->76931 77036->76936 77036->76946 77036->76959 77036->76985 77036->77014 77036->77033 77036->77034 77038 bd0850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77038->77112 77052 bcd850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77052->77113 77055 bc5b20 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77055->77113 77058 c3c3b3 GetSystemTimePreciseAsFileTime 77058->77113 77073 bc9ec0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77073->77112 77074 c42f00 3 API calls 77074->77113 77079 bb816a 77090 b62700 4 API calls 77079->77090 77083 bcd660 4 API calls 77083->77113 77094 bb817b 77090->77094 77098 bc9c70 4 API calls 77094->77098 77097 bd0ef0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77097->77112 77102 bb8190 77098->77102 77099 bc5b90 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77099->77113 77101 bc2a50 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77101->77113 77107 b68920 4 API calls 77102->77107 77114 bb81a8 Concurrency::cancel_current_task 77107->77114 77111 c46788 7 API calls 77111->77113 77112->76837 77112->76839 77112->76843 77112->76848 77112->76856 77112->76858 77112->76868 77112->76869 77112->76874 77112->76880 77112->76889 77112->76892 77112->76902 77112->76912 77112->76918 77112->76920 77112->76921 77112->76928 77112->76929 77112->76938 77112->76942 77112->76961 77112->76970 77112->76979 77112->76980 77112->76994 77112->77008 77112->77038 77112->77073 77112->77079 77112->77097 77112->77114 77122 b62be0 6 API calls 77112->77122 77123 bb81fa Concurrency::cancel_current_task 77112->77123 77186 bc9dd0 77112->77186 77189 bc9bb0 77112->77189 77192 b7c300 ExitProcess RtlAllocateHeap RtlFreeHeap 77112->77192 77113->76887 77113->76891 77113->76897 77113->76903 77113->76906 77113->76913 77113->76924 77113->76932 77113->76941 77113->76943 77113->76951 77113->76962 77113->76984 77113->76991 77113->77001 77113->77011 77113->77019 77113->77052 77113->77055 77113->77058 77113->77074 77113->77083 77113->77099 77113->77101 77113->77111 77125 bd0ef0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77113->77125 77130 bc9ec0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77113->77130 77131 b62be0 6 API calls 77113->77131 77116 b62700 4 API calls 77114->77116 77117 bb81cd 77116->77117 77119 bc9c70 4 API calls 77117->77119 77120 bb81e2 77119->77120 77121 b68920 4 API calls 77120->77121 77121->77123 77122->77112 77123->76915 77125->77113 77130->77113 77131->77113 77187 bcd660 4 API calls 77186->77187 77188 bc9de8 77187->77188 77188->77112 77190 bc5b20 4 API calls 77189->77190 77191 bc9bc6 77190->77191 77191->77112 77192->77112 77193->76846 77219 bb3350 77230 bb3376 77219->77230 77220 bb38f6 77222 bc5e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77222->77230 77224 bc9ec0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77224->77230 77225 bc3910 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77225->77230 77226 bc3510 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77226->77230 77230->77220 77230->77222 77230->77224 77230->77225 77230->77226 77231 b948e0 77230->77231 77343 b96590 77230->77343 77445 b97660 77230->77445 77550 b98c90 77230->77550 77646 b9a700 77230->77646 77232 b94916 77231->77232 77233 bc3c50 4 API calls 77232->77233 77234 b94960 77233->77234 77235 bc9ec0 4 API calls 77234->77235 77236 b94985 __fread_nolock 77235->77236 77237 bc9c10 4 API calls 77236->77237 77238 b949d0 77237->77238 77239 bc9b50 4 API calls 77238->77239 77240 b94a22 77239->77240 77745 54e0d78 77240->77745 77749 54e0c60 77240->77749 77753 54e0bfb 77240->77753 77757 54e0b75 77240->77757 77761 54e0d65 77240->77761 77765 54e0c84 77240->77765 77769 54e0d00 77240->77769 77773 54e0c47 77240->77773 77777 54e0be2 77240->77777 77781 54e0c14 77240->77781 77785 54e0b5a 77240->77785 77789 54e0bd7 77240->77789 77793 54e0cf7 77240->77793 77797 54e0d17 77240->77797 77801 54e0bd0 77240->77801 77805 54e0d8d 77240->77805 77809 54e0b88 77240->77809 77813 54e0bab 77240->77813 77817 54e0ce4 77240->77817 77344 b965c6 77343->77344 77345 bc3c50 4 API calls 77344->77345 77346 b96610 77345->77346 77347 bc9ec0 4 API calls 77346->77347 77348 b9664c __fread_nolock 77347->77348 77348->77348 77349 b97590 77348->77349 77351 bcd850 4 API calls 77348->77351 77350 b62040 4 API calls 77349->77350 77352 b97595 77350->77352 77354 b966ef 77351->77354 77353 b62040 4 API calls 77352->77353 77368 b974bc 77353->77368 77354->77352 77354->77354 77357 bcd850 4 API calls 77354->77357 77355 c42350 3 API calls 77356 b9759f 77355->77356 77359 b62700 4 API calls 77356->77359 77358 b9677f 77357->77358 77426 54e0d8d GetPrivateProfileStringA 77358->77426 77427 54e0bab GetPrivateProfileStringA 77358->77427 77428 54e0b88 GetPrivateProfileStringA 77358->77428 77429 54e0c47 GetPrivateProfileStringA 77358->77429 77430 54e0ce4 GetPrivateProfileStringA 77358->77430 77431 54e0c84 GetPrivateProfileStringA 77358->77431 77432 54e0d65 GetPrivateProfileStringA 77358->77432 77433 54e0be2 GetPrivateProfileStringA 77358->77433 77434 54e0d00 GetPrivateProfileStringA 77358->77434 77435 54e0c60 GetPrivateProfileStringA 77358->77435 77436 54e0b5a GetPrivateProfileStringA 77358->77436 77437 54e0bfb GetPrivateProfileStringA 77358->77437 77438 54e0d78 GetPrivateProfileStringA 77358->77438 77439 54e0d17 GetPrivateProfileStringA 77358->77439 77440 54e0cf7 GetPrivateProfileStringA 77358->77440 77441 54e0bd7 GetPrivateProfileStringA 77358->77441 77442 54e0c14 GetPrivateProfileStringA 77358->77442 77443 54e0b75 GetPrivateProfileStringA 77358->77443 77444 54e0bd0 GetPrivateProfileStringA 77358->77444 77360 b975b6 77359->77360 77361 bc9c70 4 API calls 77360->77361 77362 b975cb 77361->77362 77363 b68920 4 API calls 77362->77363 77365 b975e3 Concurrency::cancel_current_task 77363->77365 77366 b62700 4 API calls 77365->77366 77367 b9760b 77366->77367 77369 bc9c70 4 API calls 77367->77369 77368->77355 77372 b9756d 77368->77372 77370 b97620 77369->77370 77371 b68920 4 API calls 77370->77371 77373 b97638 Concurrency::cancel_current_task 77371->77373 77372->77230 77374 bcd850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77376 b967b1 __fread_nolock 77374->77376 77375 bc5b20 4 API calls 77375->77376 77376->77349 77376->77356 77376->77365 77376->77368 77376->77374 77376->77375 77377 bc5e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77376->77377 77378 c42f00 3 API calls 77376->77378 77379 b6c430 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77376->77379 77380 c46788 7 API calls 77376->77380 77381 bc8000 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77376->77381 77382 bc59f0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77376->77382 77383 bc3c50 4 API calls 77376->77383 77384 c3ce31 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap std::_Facet_Register 77376->77384 77386 b74540 14 API calls 77376->77386 77387 c227b0 3 API calls 77376->77387 77388 bc9ec0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77376->77388 77389 bc3230 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77376->77389 77390 b74970 10 API calls 77376->77390 77391 bff0e0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77376->77391 77394 bfbfb0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77376->77394 77395 beda80 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77376->77395 77396 b62830 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77376->77396 77397 bccfd0 4 API calls 77376->77397 77821 c4a68e 77376->77821 77831 5490c77 77376->77831 77835 5490c4a 77376->77835 77839 5490ba0 77376->77839 77843 5490c0a 77376->77843 77847 5490d4f 77376->77847 77851 5490b8f 77376->77851 77855 5490d6d BaseDllReadWriteIniFile 77376->77855 77857 5490d1a 77376->77857 77861 5490d06 77376->77861 77865 5490bd3 77376->77865 77869 5490d5d 77376->77869 77873 5490c94 77376->77873 77877 5490cd4 77376->77877 77881 5490b57 77376->77881 77885 5490cee 77376->77885 77889 5490aef 77376->77889 77893 5490db8 77376->77893 77896 5490b02 77376->77896 77900 5490be1 77376->77900 77904 5490c26 77376->77904 77908 5490b23 77376->77908 77916 5490ca6 77376->77916 77920 5490d3a 77376->77920 77924 5490afb 77376->77924 77928 5490b36 77376->77928 77932 5490bfd 77376->77932 77936 5490b71 77376->77936 77940 bc79e0 77376->77940 77950 bc3510 77376->77950 77966 bfdee0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77376->77966 77967 bfe0f0 RtlAllocateHeap RtlFreeHeap 77376->77967 77377->77376 77378->77376 77379->77376 77380->77376 77381->77376 77382->77376 77383->77376 77384->77376 77386->77376 77387->77376 77388->77376 77389->77376 77390->77376 77391->77376 77394->77376 77395->77376 77396->77376 77397->77376 77426->77376 77427->77376 77428->77376 77429->77376 77430->77376 77431->77376 77432->77376 77433->77376 77434->77376 77435->77376 77436->77376 77437->77376 77438->77376 77439->77376 77440->77376 77441->77376 77442->77376 77443->77376 77444->77376 77446 b97696 77445->77446 77447 bc3c50 4 API calls 77446->77447 77448 b976e3 77447->77448 77449 bc9ec0 4 API calls 77448->77449 77450 b97728 __fread_nolock 77449->77450 77450->77450 77451 b98b8f 77450->77451 77452 bcd850 4 API calls 77450->77452 77453 b62040 4 API calls 77451->77453 77457 b977e0 77452->77457 77454 b98b94 77453->77454 77455 b62040 4 API calls 77454->77455 77471 b98ab7 77455->77471 77456 c42350 3 API calls 77458 b98b9e 77456->77458 77457->77454 77457->77457 77461 bcd850 4 API calls 77457->77461 77974 bc93d0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77458->77974 77460 b98ba3 77463 b62700 4 API calls 77460->77463 77462 b9786f 77461->77462 77504 54e0d8d GetPrivateProfileStringA 77462->77504 77505 54e0bab GetPrivateProfileStringA 77462->77505 77506 54e0b88 GetPrivateProfileStringA 77462->77506 77507 54e0c47 GetPrivateProfileStringA 77462->77507 77508 54e0ce4 GetPrivateProfileStringA 77462->77508 77509 54e0c84 GetPrivateProfileStringA 77462->77509 77510 54e0d65 GetPrivateProfileStringA 77462->77510 77511 54e0be2 GetPrivateProfileStringA 77462->77511 77512 54e0d00 GetPrivateProfileStringA 77462->77512 77513 54e0c60 GetPrivateProfileStringA 77462->77513 77514 54e0b5a GetPrivateProfileStringA 77462->77514 77515 54e0bfb GetPrivateProfileStringA 77462->77515 77516 54e0d78 GetPrivateProfileStringA 77462->77516 77517 54e0d17 GetPrivateProfileStringA 77462->77517 77518 54e0cf7 GetPrivateProfileStringA 77462->77518 77519 54e0bd7 GetPrivateProfileStringA 77462->77519 77520 54e0c14 GetPrivateProfileStringA 77462->77520 77521 54e0b75 GetPrivateProfileStringA 77462->77521 77522 54e0bd0 GetPrivateProfileStringA 77462->77522 77464 b98bba 77463->77464 77465 bc9c70 4 API calls 77464->77465 77466 b98bcf 77465->77466 77468 b68920 4 API calls 77466->77468 77467 c4a68e 4 API calls 77490 b978a1 __fread_nolock 77467->77490 77469 b98be7 Concurrency::cancel_current_task 77468->77469 77470 b62700 4 API calls 77469->77470 77472 b98c12 77470->77472 77471->77456 77474 b98b6c 77471->77474 77473 bc9c70 4 API calls 77472->77473 77475 b98c27 77473->77475 77474->77230 77476 b68920 4 API calls 77475->77476 77477 b98c3f Concurrency::cancel_current_task 77476->77477 77478 bcd850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77478->77490 77479 bc5b20 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77479->77490 77480 b6c430 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77480->77490 77481 c42f00 3 API calls 77481->77490 77482 c46788 7 API calls 77482->77490 77483 bc8000 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77483->77490 77484 bc59f0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77484->77490 77485 bc3c50 4 API calls 77485->77490 77486 bc79e0 4 API calls 77486->77490 77487 b74540 14 API calls 77487->77490 77488 c227b0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77488->77490 77489 bc9ec0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77489->77490 77490->77451 77490->77458 77490->77460 77490->77467 77490->77469 77490->77471 77490->77478 77490->77479 77490->77480 77490->77481 77490->77482 77490->77483 77490->77484 77490->77485 77490->77486 77490->77487 77490->77488 77490->77489 77491 b74970 10 API calls 77490->77491 77494 bfbfb0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77490->77494 77495 b62830 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77490->77495 77496 bc9c70 4 API calls 77490->77496 77497 beda80 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77490->77497 77498 c3ce31 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap std::_Facet_Register 77490->77498 77499 bccfd0 4 API calls 77490->77499 77500 bc5e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77490->77500 77501 bc3510 4 API calls 77490->77501 77502 bc3230 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77490->77502 77503 bff0e0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77490->77503 77523 5490c4a BaseDllReadWriteIniFile 77490->77523 77524 5490c0a BaseDllReadWriteIniFile 77490->77524 77525 5490d4f BaseDllReadWriteIniFile 77490->77525 77526 5490b8f BaseDllReadWriteIniFile 77490->77526 77527 5490b02 BaseDllReadWriteIniFile 77490->77527 77528 5490d06 BaseDllReadWriteIniFile 77490->77528 77529 5490d1a BaseDllReadWriteIniFile 77490->77529 77530 5490d5d BaseDllReadWriteIniFile 77490->77530 77531 5490bd3 BaseDllReadWriteIniFile 77490->77531 77532 5490cd4 BaseDllReadWriteIniFile 77490->77532 77533 5490c94 BaseDllReadWriteIniFile 77490->77533 77534 5490b57 BaseDllReadWriteIniFile 77490->77534 77535 5490d6d BaseDllReadWriteIniFile 77490->77535 77536 5490aef BaseDllReadWriteIniFile 77490->77536 77537 5490cee BaseDllReadWriteIniFile 77490->77537 77538 5490be1 BaseDllReadWriteIniFile 77490->77538 77539 5490ba0 BaseDllReadWriteIniFile 77490->77539 77540 5490b23 2 API calls 77490->77540 77541 5490c26 BaseDllReadWriteIniFile 77490->77541 77542 5490ca6 BaseDllReadWriteIniFile 77490->77542 77543 5490db8 BaseDllReadWriteIniFile 77490->77543 77544 5490afb BaseDllReadWriteIniFile 77490->77544 77545 5490d3a BaseDllReadWriteIniFile 77490->77545 77546 5490bfd BaseDllReadWriteIniFile 77490->77546 77547 5490b71 BaseDllReadWriteIniFile 77490->77547 77548 5490c77 BaseDllReadWriteIniFile 77490->77548 77549 5490b36 BaseDllReadWriteIniFile 77490->77549 77972 bfdee0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77490->77972 77973 bfe0f0 RtlAllocateHeap RtlFreeHeap 77490->77973 77491->77490 77494->77490 77495->77490 77496->77490 77497->77490 77498->77490 77499->77490 77500->77490 77501->77490 77502->77490 77503->77490 77504->77490 77505->77490 77506->77490 77507->77490 77508->77490 77509->77490 77510->77490 77511->77490 77512->77490 77513->77490 77514->77490 77515->77490 77516->77490 77517->77490 77518->77490 77519->77490 77520->77490 77521->77490 77522->77490 77523->77490 77524->77490 77525->77490 77526->77490 77527->77490 77528->77490 77529->77490 77530->77490 77531->77490 77532->77490 77533->77490 77534->77490 77535->77490 77536->77490 77537->77490 77538->77490 77539->77490 77540->77490 77541->77490 77542->77490 77543->77490 77544->77490 77545->77490 77546->77490 77547->77490 77548->77490 77549->77490 77551 b98cc6 77550->77551 77552 bc3c50 4 API calls 77551->77552 77553 b98d13 77552->77553 77554 bc9ec0 4 API calls 77553->77554 77555 b98d4d __fread_nolock 77554->77555 77555->77555 77556 b9a68a 77555->77556 77558 bcd850 4 API calls 77555->77558 77557 b62040 4 API calls 77556->77557 77559 b9a68f 77557->77559 77561 b98e05 77558->77561 77560 b62040 4 API calls 77559->77560 77574 b9a5b6 77560->77574 77561->77559 77561->77561 77564 bcd850 4 API calls 77561->77564 77562 c42350 3 API calls 77563 b9a699 77562->77563 77566 b62700 4 API calls 77563->77566 77565 b98e98 77564->77565 77600 54e0d8d GetPrivateProfileStringA 77565->77600 77601 54e0bab GetPrivateProfileStringA 77565->77601 77602 54e0b88 GetPrivateProfileStringA 77565->77602 77603 54e0c47 GetPrivateProfileStringA 77565->77603 77604 54e0ce4 GetPrivateProfileStringA 77565->77604 77605 54e0c84 GetPrivateProfileStringA 77565->77605 77606 54e0d65 GetPrivateProfileStringA 77565->77606 77607 54e0be2 GetPrivateProfileStringA 77565->77607 77608 54e0d00 GetPrivateProfileStringA 77565->77608 77609 54e0c60 GetPrivateProfileStringA 77565->77609 77610 54e0b5a GetPrivateProfileStringA 77565->77610 77611 54e0bfb GetPrivateProfileStringA 77565->77611 77612 54e0d78 GetPrivateProfileStringA 77565->77612 77613 54e0d17 GetPrivateProfileStringA 77565->77613 77614 54e0cf7 GetPrivateProfileStringA 77565->77614 77615 54e0bd7 GetPrivateProfileStringA 77565->77615 77616 54e0c14 GetPrivateProfileStringA 77565->77616 77617 54e0b75 GetPrivateProfileStringA 77565->77617 77618 54e0bd0 GetPrivateProfileStringA 77565->77618 77567 b9a6b0 77566->77567 77568 bc9c70 4 API calls 77567->77568 77569 b9a6c5 77568->77569 77570 b68920 4 API calls 77569->77570 77571 b9a6dd Concurrency::cancel_current_task 77570->77571 77572 c4a68e 4 API calls 77597 b98eca __fread_nolock 77572->77597 77573 b9a667 77573->77230 77574->77562 77574->77573 77575 bcd850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77575->77597 77576 bc5b20 4 API calls 77576->77597 77577 bc5e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77577->77597 77578 c42f00 3 API calls 77578->77597 77579 b6c430 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77579->77597 77580 c46788 7 API calls 77580->77597 77581 bc59f0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77581->77597 77582 bc8000 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77582->77597 77583 bc3c50 4 API calls 77583->77597 77584 c3ce31 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap std::_Facet_Register 77584->77597 77585 bc79e0 4 API calls 77585->77597 77586 b74540 14 API calls 77586->77597 77587 c227b0 3 API calls 77587->77597 77588 bc3230 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77588->77597 77589 bff0e0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77589->77597 77590 b74970 10 API calls 77590->77597 77593 beda80 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77593->77597 77594 b62830 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77594->77597 77596 bc9ec0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77596->77597 77597->77556 77597->77563 77597->77572 77597->77574 77597->77575 77597->77576 77597->77577 77597->77578 77597->77579 77597->77580 77597->77581 77597->77582 77597->77583 77597->77584 77597->77585 77597->77586 77597->77587 77597->77588 77597->77589 77597->77590 77597->77593 77597->77594 77597->77596 77598 bfbfb0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77597->77598 77599 bc3510 4 API calls 77597->77599 77619 5490c4a BaseDllReadWriteIniFile 77597->77619 77620 5490c0a BaseDllReadWriteIniFile 77597->77620 77621 5490d4f BaseDllReadWriteIniFile 77597->77621 77622 5490b8f BaseDllReadWriteIniFile 77597->77622 77623 5490b02 BaseDllReadWriteIniFile 77597->77623 77624 5490d06 BaseDllReadWriteIniFile 77597->77624 77625 5490d1a BaseDllReadWriteIniFile 77597->77625 77626 5490d5d BaseDllReadWriteIniFile 77597->77626 77627 5490bd3 BaseDllReadWriteIniFile 77597->77627 77628 5490cd4 BaseDllReadWriteIniFile 77597->77628 77629 5490c94 BaseDllReadWriteIniFile 77597->77629 77630 5490b57 BaseDllReadWriteIniFile 77597->77630 77631 5490d6d BaseDllReadWriteIniFile 77597->77631 77632 5490aef BaseDllReadWriteIniFile 77597->77632 77633 5490cee BaseDllReadWriteIniFile 77597->77633 77634 5490be1 BaseDllReadWriteIniFile 77597->77634 77635 5490ba0 BaseDllReadWriteIniFile 77597->77635 77636 5490b23 2 API calls 77597->77636 77637 5490c26 BaseDllReadWriteIniFile 77597->77637 77638 5490ca6 BaseDllReadWriteIniFile 77597->77638 77639 5490db8 BaseDllReadWriteIniFile 77597->77639 77640 5490afb BaseDllReadWriteIniFile 77597->77640 77641 5490d3a BaseDllReadWriteIniFile 77597->77641 77642 5490bfd BaseDllReadWriteIniFile 77597->77642 77643 5490b71 BaseDllReadWriteIniFile 77597->77643 77644 5490c77 BaseDllReadWriteIniFile 77597->77644 77645 5490b36 BaseDllReadWriteIniFile 77597->77645 77975 c4a9d6 77597->77975 77981 bfdee0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77597->77981 77982 bfe0f0 RtlAllocateHeap RtlFreeHeap 77597->77982 77598->77597 77599->77597 77600->77597 77601->77597 77602->77597 77603->77597 77604->77597 77605->77597 77606->77597 77607->77597 77608->77597 77609->77597 77610->77597 77611->77597 77612->77597 77613->77597 77614->77597 77615->77597 77616->77597 77617->77597 77618->77597 77619->77597 77620->77597 77621->77597 77622->77597 77623->77597 77624->77597 77625->77597 77626->77597 77627->77597 77628->77597 77629->77597 77630->77597 77631->77597 77632->77597 77633->77597 77634->77597 77635->77597 77636->77597 77637->77597 77638->77597 77639->77597 77640->77597 77641->77597 77642->77597 77643->77597 77644->77597 77645->77597 77647 b9a736 77646->77647 77648 bc3c50 4 API calls 77647->77648 77649 b9a783 77648->77649 77649->77649 77650 bc9ec0 4 API calls 77649->77650 77651 b9a7bc __fread_nolock 77650->77651 77651->77651 77652 b9b98f 77651->77652 77654 bcd850 4 API calls 77651->77654 77653 b62040 4 API calls 77652->77653 77655 b9b994 77653->77655 77658 b9a874 77654->77658 77656 b62040 4 API calls 77655->77656 77671 b9b8bb 77656->77671 77657 c42350 3 API calls 77659 b9b99e 77657->77659 77658->77655 77658->77658 77660 bcd850 4 API calls 77658->77660 77661 b62700 4 API calls 77659->77661 77662 b9a8ff 77660->77662 77663 b9b9b5 77661->77663 77699 54e0d8d GetPrivateProfileStringA 77662->77699 77700 54e0bab GetPrivateProfileStringA 77662->77700 77701 54e0b88 GetPrivateProfileStringA 77662->77701 77702 54e0c47 GetPrivateProfileStringA 77662->77702 77703 54e0ce4 GetPrivateProfileStringA 77662->77703 77704 54e0c84 GetPrivateProfileStringA 77662->77704 77705 54e0d65 GetPrivateProfileStringA 77662->77705 77706 54e0be2 GetPrivateProfileStringA 77662->77706 77707 54e0d00 GetPrivateProfileStringA 77662->77707 77708 54e0c60 GetPrivateProfileStringA 77662->77708 77709 54e0b5a GetPrivateProfileStringA 77662->77709 77710 54e0bfb GetPrivateProfileStringA 77662->77710 77711 54e0d78 GetPrivateProfileStringA 77662->77711 77712 54e0d17 GetPrivateProfileStringA 77662->77712 77713 54e0cf7 GetPrivateProfileStringA 77662->77713 77714 54e0bd7 GetPrivateProfileStringA 77662->77714 77715 54e0c14 GetPrivateProfileStringA 77662->77715 77716 54e0b75 GetPrivateProfileStringA 77662->77716 77717 54e0bd0 GetPrivateProfileStringA 77662->77717 77664 bc9c70 4 API calls 77663->77664 77665 b9b9ca 77664->77665 77666 b68920 4 API calls 77665->77666 77668 b9b9e2 Concurrency::cancel_current_task 77666->77668 77667 c4a68e 4 API calls 77698 b9a931 __fread_nolock __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 77667->77698 77669 b9ba3e LoadLibraryA 77668->77669 77672 b9ba5c 77668->77672 77669->77672 77670 b9b96c 77670->77230 77671->77657 77671->77670 77672->77230 77672->77672 77673 b62830 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77673->77698 77674 bcd850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77674->77698 77675 bc5e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77675->77698 77676 c42f00 3 API calls 77676->77698 77677 b6c430 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77677->77698 77678 bc8000 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77678->77698 77679 c46788 7 API calls 77679->77698 77680 bc59f0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77680->77698 77681 bc3c50 4 API calls 77681->77698 77682 bc79e0 4 API calls 77682->77698 77683 c3ce31 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap std::_Facet_Register 77683->77698 77684 b74540 14 API calls 77684->77698 77685 bc3230 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77685->77698 77686 b74970 10 API calls 77686->77698 77687 bff0e0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77687->77698 77690 bfbfb0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77690->77698 77691 beda80 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77691->77698 77692 bc9c70 4 API calls 77692->77698 77693 bc5b20 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77693->77698 77694 c227b0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77694->77698 77695 c4a9d6 4 API calls 77695->77698 77696 bc9ec0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77696->77698 77697 bc3510 4 API calls 77697->77698 77698->77652 77698->77659 77698->77667 77698->77671 77698->77673 77698->77674 77698->77675 77698->77676 77698->77677 77698->77678 77698->77679 77698->77680 77698->77681 77698->77682 77698->77683 77698->77684 77698->77685 77698->77686 77698->77687 77698->77690 77698->77691 77698->77692 77698->77693 77698->77694 77698->77695 77698->77696 77698->77697 77718 5490c4a BaseDllReadWriteIniFile 77698->77718 77719 5490c0a BaseDllReadWriteIniFile 77698->77719 77720 5490d4f BaseDllReadWriteIniFile 77698->77720 77721 5490b8f BaseDllReadWriteIniFile 77698->77721 77722 5490b02 BaseDllReadWriteIniFile 77698->77722 77723 5490d06 BaseDllReadWriteIniFile 77698->77723 77724 5490d1a BaseDllReadWriteIniFile 77698->77724 77725 5490d5d BaseDllReadWriteIniFile 77698->77725 77726 5490bd3 BaseDllReadWriteIniFile 77698->77726 77727 5490cd4 BaseDllReadWriteIniFile 77698->77727 77728 5490c94 BaseDllReadWriteIniFile 77698->77728 77729 5490b57 BaseDllReadWriteIniFile 77698->77729 77730 5490d6d BaseDllReadWriteIniFile 77698->77730 77731 5490aef BaseDllReadWriteIniFile 77698->77731 77732 5490cee BaseDllReadWriteIniFile 77698->77732 77733 5490be1 BaseDllReadWriteIniFile 77698->77733 77734 5490ba0 BaseDllReadWriteIniFile 77698->77734 77735 5490b23 2 API calls 77698->77735 77736 5490c26 BaseDllReadWriteIniFile 77698->77736 77737 5490ca6 BaseDllReadWriteIniFile 77698->77737 77738 5490db8 BaseDllReadWriteIniFile 77698->77738 77739 5490afb BaseDllReadWriteIniFile 77698->77739 77740 5490d3a BaseDllReadWriteIniFile 77698->77740 77741 5490bfd BaseDllReadWriteIniFile 77698->77741 77742 5490b71 BaseDllReadWriteIniFile 77698->77742 77743 5490c77 BaseDllReadWriteIniFile 77698->77743 77744 5490b36 BaseDllReadWriteIniFile 77698->77744 78011 bfdee0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 77698->78011 78012 bfe0f0 RtlAllocateHeap RtlFreeHeap 77698->78012 77699->77698 77700->77698 77701->77698 77702->77698 77703->77698 77704->77698 77705->77698 77706->77698 77707->77698 77708->77698 77709->77698 77710->77698 77711->77698 77712->77698 77713->77698 77714->77698 77715->77698 77716->77698 77717->77698 77718->77698 77719->77698 77720->77698 77721->77698 77722->77698 77723->77698 77724->77698 77725->77698 77726->77698 77727->77698 77728->77698 77729->77698 77730->77698 77731->77698 77732->77698 77733->77698 77734->77698 77735->77698 77736->77698 77737->77698 77738->77698 77739->77698 77740->77698 77741->77698 77742->77698 77743->77698 77744->77698 77746 54e0d83 GetPrivateProfileStringA 77745->77746 77748 54e0dc2 77746->77748 77750 54e0c97 GetPrivateProfileStringA 77749->77750 77752 54e0dc2 77750->77752 77754 54e0c08 GetPrivateProfileStringA 77753->77754 77756 54e0dc2 77754->77756 77758 54e0b81 GetPrivateProfileStringA 77757->77758 77760 54e0dc2 77758->77760 77762 54e0d6b GetPrivateProfileStringA 77761->77762 77764 54e0dc2 77762->77764 77766 54e0c52 GetPrivateProfileStringA 77765->77766 77768 54e0dc2 77766->77768 77770 54e0d0b GetPrivateProfileStringA 77769->77770 77772 54e0dc2 77770->77772 77774 54e0bf2 GetPrivateProfileStringA 77773->77774 77776 54e0dc2 77774->77776 77778 54e0c05 GetPrivateProfileStringA 77777->77778 77780 54e0dc2 77778->77780 77782 54e0c1f GetPrivateProfileStringA 77781->77782 77784 54e0dc2 77782->77784 77786 54e0b6b GetPrivateProfileStringA 77785->77786 77788 54e0dc2 77786->77788 77790 54e0bf3 GetPrivateProfileStringA 77789->77790 77792 54e0dc2 77790->77792 77794 54e0d04 GetPrivateProfileStringA 77793->77794 77796 54e0dc2 77794->77796 77798 54e0d6b GetPrivateProfileStringA 77797->77798 77800 54e0dc2 77798->77800 77802 54e0bdb GetPrivateProfileStringA 77801->77802 77804 54e0dc2 77802->77804 77807 54e0d2a GetPrivateProfileStringA 77805->77807 77808 54e0dc2 77807->77808 77810 54e0b99 GetPrivateProfileStringA 77809->77810 77812 54e0dc2 77810->77812 77814 54e0b99 GetPrivateProfileStringA 77813->77814 77816 54e0dc2 77814->77816 77818 54e0d0b GetPrivateProfileStringA 77817->77818 77820 54e0dc2 77818->77820 77822 c4a6e5 77821->77822 77823 c4a69d 77821->77823 77970 c4a6fb 4 API calls 2 library calls 77822->77970 77825 c4a6a3 77823->77825 77828 c4a6c0 77823->77828 77968 c42340 ExitProcess RtlAllocateHeap RtlFreeHeap __fread_nolock 77825->77968 77826 c4a6b3 77826->77376 77830 c4a6de 77828->77830 77969 c42340 ExitProcess RtlAllocateHeap RtlFreeHeap __fread_nolock 77828->77969 77830->77376 77832 5490c88 BaseDllReadWriteIniFile 77831->77832 77834 5490d9e 77832->77834 77836 5490bed BaseDllReadWriteIniFile 77835->77836 77838 5490d9e 77836->77838 77840 5490bd7 BaseDllReadWriteIniFile 77839->77840 77842 5490d9e 77840->77842 77844 5490c33 BaseDllReadWriteIniFile 77843->77844 77846 5490d9e 77844->77846 77848 5490d52 BaseDllReadWriteIniFile 77847->77848 77850 5490d9e 77847->77850 77848->77850 77852 5490baf BaseDllReadWriteIniFile 77851->77852 77854 5490d9e 77852->77854 77856 5490d9e 77855->77856 77858 5490d22 BaseDllReadWriteIniFile 77857->77858 77860 5490d9e 77858->77860 77862 5490d2b BaseDllReadWriteIniFile 77861->77862 77864 5490d9e 77862->77864 77866 5490bd7 BaseDllReadWriteIniFile 77865->77866 77868 5490d9e 77866->77868 77870 5490d61 BaseDllReadWriteIniFile 77869->77870 77872 5490d9e 77870->77872 77874 5490c55 BaseDllReadWriteIniFile 77873->77874 77876 5490d9e 77874->77876 77878 5490cc4 BaseDllReadWriteIniFile 77877->77878 77880 5490d9e 77878->77880 77882 5490b62 BaseDllReadWriteIniFile 77881->77882 77884 5490d9e 77882->77884 77886 5490d09 BaseDllReadWriteIniFile 77885->77886 77888 5490d9e 77886->77888 77890 5490b16 BaseDllReadWriteIniFile 77889->77890 77892 5490d9e 77890->77892 77894 5490d85 BaseDllReadWriteIniFile 77893->77894 77895 5490d9e 77893->77895 77894->77895 77897 5490b0a BaseDllReadWriteIniFile 77896->77897 77899 5490d9e 77897->77899 77901 5490bed BaseDllReadWriteIniFile 77900->77901 77903 5490d9e 77901->77903 77905 5490c36 BaseDllReadWriteIniFile 77904->77905 77907 5490d9e 77905->77907 77909 5490b2b 77908->77909 77913 5490b2d BaseDllReadWriteIniFile 77908->77913 77910 5490aca 77909->77910 77909->77913 77911 5490afb BaseDllReadWriteIniFile 77910->77911 77912 5490ae9 77911->77912 77915 5490d9e 77913->77915 77917 5490cc4 BaseDllReadWriteIniFile 77916->77917 77919 5490d9e 77917->77919 77921 5490d53 BaseDllReadWriteIniFile 77920->77921 77923 5490d9e 77921->77923 77925 5490b16 BaseDllReadWriteIniFile 77924->77925 77927 5490d9e 77925->77927 77929 5490b51 BaseDllReadWriteIniFile 77928->77929 77931 5490d9e 77929->77931 77933 5490c05 BaseDllReadWriteIniFile 77932->77933 77935 5490d9e 77933->77935 77937 5490b84 BaseDllReadWriteIniFile 77936->77937 77939 5490d9e 77937->77939 77941 bc7a10 77940->77941 77942 bc7a4e 77941->77942 77943 bc7ac9 77941->77943 77949 bc7a82 77941->77949 77945 c3ce31 std::_Facet_Register 4 API calls 77942->77945 77971 b67d60 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 77943->77971 77947 bc7a68 77945->77947 77946 bc7ace 77948 bc5e10 4 API calls 77947->77948 77948->77949 77949->77376 77951 bc3568 77950->77951 77952 bc3535 77950->77952 77954 bc35a8 77951->77954 77955 bc358a 77951->77955 77953 c3ce31 std::_Facet_Register 4 API calls 77952->77953 77956 bc353f 77953->77956 77960 b62700 4 API calls 77954->77960 77957 bc79e0 4 API calls 77955->77957 77958 c3ce31 std::_Facet_Register 4 API calls 77956->77958 77959 bc3595 77957->77959 77958->77951 77959->77376 77961 bc35b8 77960->77961 77962 bc9c70 4 API calls 77961->77962 77963 bc35cd 77962->77963 77964 b68920 4 API calls 77963->77964 77965 bc35e2 Concurrency::cancel_current_task 77964->77965 77965->77376 77966->77376 77967->77376 77968->77826 77969->77826 77970->77826 77971->77946 77972->77490 77973->77490 77976 c4a9ea __fread_nolock 77975->77976 77983 c475da 77976->77983 77978 c4aa04 77979 c4207c __fread_nolock 3 API calls 77978->77979 77980 c4aa13 77979->77980 77980->77597 77981->77597 77982->77597 77999 c46559 77983->77999 77985 c47635 77988 c4765a 77985->77988 78005 c478b0 4 API calls 2 library calls 77985->78005 77986 c47602 78004 c422c3 ExitProcess RtlAllocateHeap RtlFreeHeap __fread_nolock __Getctype 77986->78004 77987 c475ed 77987->77985 77987->77986 77998 c4761d 77987->77998 78006 c46574 4 API calls 2 library calls 77988->78006 77993 c4766f 77994 c47698 77993->77994 78007 c46574 4 API calls 2 library calls 77993->78007 77997 c47723 __aulldiv 77994->77997 78008 c46502 ExitProcess RtlAllocateHeap RtlFreeHeap __fread_nolock 77994->78008 77998->77978 78000 c46571 77999->78000 78001 c4655e 77999->78001 78000->77987 78010 c42340 ExitProcess RtlAllocateHeap RtlFreeHeap __fread_nolock 78001->78010 78003 c4656e 78003->77987 78004->77998 78005->77988 78006->77993 78007->77993 78008->77997 78010->78003 78011->77698 78012->77698 78013 bcc4d0 78014 bcc4fd 78013->78014 78015 bcc4d7 78013->78015 78015->78014 78016 c42350 3 API calls 78015->78016 78017 bc8000 78016->78017 78018 bc804c 78017->78018 78019 bcb180 4 API calls 78017->78019 78020 bc8013 78019->78020 78020->78018 78021 c42350 3 API calls 78020->78021 78022 bc8074 78021->78022 78033 b63b70 4 API calls 2 library calls 78022->78033 78024 bc8121 78025 c3ce31 std::_Facet_Register 4 API calls 78024->78025 78026 bc8128 78025->78026 78034 c3bc3e 4 API calls 6 library calls 78026->78034 78028 bc813b 78035 bc95e0 5 API calls 4 library calls 78028->78035 78030 bc816e 78031 bc81b2 78030->78031 78036 b63b70 4 API calls 2 library calls 78030->78036 78033->78024 78034->78028 78035->78030 78036->78031 78037 54e0423 78038 54e03e4 Process32FirstW 78037->78038 78040 54e044f 78038->78040 78041 bd6570 78042 bd65bf 78041->78042 78043 bd657c 78041->78043 78044 bcb180 4 API calls 78043->78044 78045 bd6586 78044->78045 78045->78042 78046 c42350 3 API calls 78045->78046 78047 bd65f3 78046->78047 78048 5480407 78049 5480422 Process32NextW 78048->78049 78051 5480460 78049->78051 78052 badb80 78063 badbc2 78052->78063 78053 baeea6 78563 ba0360 78053->78563 78056 bc9ec0 4 API calls 78057 baeeec 78056->78057 78058 bc3910 4 API calls 78057->78058 78059 baeef8 78058->78059 78060 bc9ec0 4 API calls 78059->78060 78062 baef2f 78060->78062 78061 bc5e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78061->78063 78063->78053 78063->78061 78063->78063 78064 b62830 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78063->78064 78067 bc3910 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78063->78067 78068 b88570 17 API calls 78063->78068 78070 bc9ec0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78063->78070 78072 bc3510 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78063->78072 78076 baf0b0 15 API calls 78063->78076 78077 b84730 78063->78077 78138 b85a90 78063->78138 78274 b8a760 78063->78274 78336 b8ba60 78063->78336 78477 b91010 78063->78477 78590 bd1220 15 API calls 2 library calls 78063->78590 78591 bc2640 ExitProcess RtlAllocateHeap RtlFreeHeap 78063->78591 78064->78063 78067->78063 78068->78063 78070->78063 78072->78063 78076->78063 78078 b8478a 78077->78078 78079 bc3c50 4 API calls 78078->78079 78080 b847af 78079->78080 78081 bc9ec0 4 API calls 78080->78081 78082 b847f8 __fread_nolock 78081->78082 78082->78082 78083 b85a27 78082->78083 78084 bcd850 4 API calls 78082->78084 78085 b62040 4 API calls 78083->78085 78086 b848af 78084->78086 78113 b8492b 78085->78113 78087 b848e1 78086->78087 78088 b84d64 78086->78088 78090 bc5e10 4 API calls 78087->78090 78091 bd2a00 4 API calls 78088->78091 78089 c42350 3 API calls 78092 b85a31 78089->78092 78093 b848f2 78090->78093 78103 b84d62 78091->78103 78096 b62700 4 API calls 78092->78096 78094 b80780 15 API calls 78093->78094 78095 b848fd 78094->78095 78097 b84923 78095->78097 78123 b849e2 78095->78123 78098 b85a45 78096->78098 78099 bc8000 5 API calls 78097->78099 78102 bc9c70 4 API calls 78098->78102 78099->78113 78100 b85993 78106 bc8000 5 API calls 78100->78106 78101 b84d53 78105 bc8000 5 API calls 78101->78105 78107 b85a5a 78102->78107 78104 bd2a00 4 API calls 78103->78104 78103->78113 78136 b84e24 std::_Locinfo::_Locinfo_ctor 78103->78136 78104->78136 78105->78103 78106->78113 78108 b68920 4 API calls 78107->78108 78109 b85a72 Concurrency::cancel_current_task 78108->78109 78110 b849dd 78110->78063 78111 bc3c50 4 API calls 78111->78136 78112 bcd850 4 API calls 78112->78123 78113->78089 78113->78110 78114 bc3510 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78114->78136 78115 bc5b90 4 API calls 78115->78123 78116 b80780 15 API calls 78116->78123 78117 bc8000 5 API calls 78117->78123 78118 bcd850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78118->78136 78119 bcd660 4 API calls 78119->78136 78120 bc5e10 4 API calls 78120->78123 78123->78083 78123->78101 78123->78112 78123->78113 78123->78115 78123->78116 78123->78117 78123->78120 78592 bd2b20 4 API calls 2 library calls 78123->78592 78124 b74540 14 API calls 78124->78136 78125 bc9ec0 4 API calls 78125->78136 78126 c227b0 3 API calls 78126->78136 78127 bc3230 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78127->78136 78128 b74970 10 API calls 78128->78136 78129 bfbfb0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 78129->78136 78132 beda80 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 78132->78136 78133 b62830 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78133->78136 78134 c3ce31 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap std::_Facet_Register 78134->78136 78135 bccfd0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78135->78136 78136->78083 78136->78092 78136->78100 78136->78111 78136->78113 78136->78114 78136->78118 78136->78119 78136->78124 78136->78125 78136->78126 78136->78127 78136->78128 78136->78129 78136->78132 78136->78133 78136->78134 78136->78135 78137 bff0e0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 78136->78137 78593 bcbc40 4 API calls 3 library calls 78136->78593 78594 bfdee0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 78136->78594 78595 bfe0f0 RtlAllocateHeap RtlFreeHeap 78136->78595 78137->78136 78139 b85ae3 78138->78139 78140 bc3c50 4 API calls 78139->78140 78141 b85b0e 78140->78141 78142 bc9ec0 4 API calls 78141->78142 78143 b85b45 __fread_nolock 78142->78143 78144 bc9c10 4 API calls 78143->78144 78145 b85b9d 78144->78145 78146 b85bca 78145->78146 78147 b85db5 78145->78147 78148 bc5e10 4 API calls 78146->78148 78149 b62700 4 API calls 78147->78149 78150 b85bdb 78148->78150 78151 b85dc5 78149->78151 78152 b80780 15 API calls 78150->78152 78671 bc4ab0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78151->78671 78154 b85bea 78152->78154 78157 b85c00 78154->78157 78213 b85c1d 78154->78213 78155 b85dd8 78156 b62660 3 API calls 78155->78156 78160 b85db3 78156->78160 78158 bc8000 5 API calls 78157->78158 78159 b85c05 78158->78159 78163 bc8000 5 API calls 78159->78163 78161 b85e25 78160->78161 78164 b62700 4 API calls 78160->78164 78168 bc9b50 4 API calls 78161->78168 78162 b85da4 78165 bc8000 5 API calls 78162->78165 78166 b85c0d 78163->78166 78167 b85e03 78164->78167 78165->78160 78169 b62660 3 API calls 78166->78169 78672 bc4ab0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78167->78672 78172 b85e52 78168->78172 78218 b85c18 78169->78218 78171 b85e16 78173 b62660 3 API calls 78171->78173 78174 bc9d70 4 API calls 78172->78174 78173->78161 78175 b85e66 78174->78175 78178 b6bf00 7 API calls 78175->78178 78176 b62660 3 API calls 78179 b884e0 78176->78179 78177 bc9b50 4 API calls 78177->78213 78180 b85e6e 78178->78180 78181 b62660 3 API calls 78179->78181 78183 b62660 3 API calls 78180->78183 78184 b884e8 78181->78184 78182 bc9d70 4 API calls 78182->78213 78190 b85e83 78183->78190 78187 b80780 15 API calls 78187->78213 78189 b62660 3 API calls 78189->78213 78198 bc8000 5 API calls 78198->78213 78213->78162 78213->78177 78213->78182 78213->78187 78213->78189 78213->78198 78670 bc4b10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78213->78670 78218->78176 78275 b8a7ba 78274->78275 78276 bc3c50 4 API calls 78275->78276 78277 b8a7e2 78276->78277 78278 bc9ec0 4 API calls 78277->78278 78279 b8a81d __fread_nolock 78278->78279 78279->78279 78280 b8b9f1 78279->78280 78282 bcd850 4 API calls 78279->78282 78281 b62040 4 API calls 78280->78281 78311 b8a95e 78281->78311 78283 b8a8e2 78282->78283 78285 b8ad8b 78283->78285 78286 b8a914 78283->78286 78284 c42350 3 API calls 78287 b8b9fb 78284->78287 78289 bd2a00 4 API calls 78285->78289 78288 bc5e10 4 API calls 78286->78288 78292 b62700 4 API calls 78287->78292 78290 b8a925 78288->78290 78299 b8ad89 78289->78299 78291 b80780 15 API calls 78290->78291 78293 b8a930 78291->78293 78295 b8ba12 78292->78295 78294 b8a956 78293->78294 78320 b8aa15 78293->78320 78296 bc8000 5 API calls 78294->78296 78300 bc9c70 4 API calls 78295->78300 78296->78311 78297 b8b95d 78301 bc8000 5 API calls 78297->78301 78298 b8ad7a 78303 bc8000 5 API calls 78298->78303 78302 bd2a00 4 API calls 78299->78302 78299->78311 78334 b8ae4b __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z std::_Locinfo::_Locinfo_ctor 78299->78334 78304 b8ba27 78300->78304 78301->78311 78302->78334 78303->78299 78305 b68920 4 API calls 78304->78305 78306 b8ba3f Concurrency::cancel_current_task 78305->78306 78307 bc3c50 4 API calls 78307->78334 78308 b8aa10 78308->78063 78309 bcd850 4 API calls 78309->78320 78310 bc3510 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78310->78334 78311->78284 78311->78308 78312 bc5b90 4 API calls 78312->78320 78313 b80780 15 API calls 78313->78320 78314 bc8000 5 API calls 78314->78320 78315 bcd850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78315->78334 78316 bcd660 4 API calls 78316->78334 78319 bc5e10 4 API calls 78319->78320 78320->78280 78320->78298 78320->78309 78320->78311 78320->78312 78320->78313 78320->78314 78320->78319 79011 bd2b20 4 API calls 2 library calls 78320->79011 78321 b74540 14 API calls 78321->78334 78322 c227b0 3 API calls 78322->78334 78323 b74970 10 API calls 78323->78334 78326 c3ce31 std::_Facet_Register 4 API calls 78326->78334 78327 bc9ec0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78327->78334 78328 bfbfb0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 78328->78334 78329 beda80 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 78329->78334 78330 c4a9d6 4 API calls 78330->78334 78331 b62830 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78331->78334 78332 bccfd0 4 API calls 78332->78334 78333 bc3230 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78333->78334 78334->78280 78334->78287 78334->78297 78334->78307 78334->78310 78334->78311 78334->78315 78334->78316 78334->78321 78334->78322 78334->78323 78334->78326 78334->78327 78334->78328 78334->78329 78334->78330 78334->78331 78334->78332 78334->78333 78335 bff0e0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 78334->78335 79012 bcbc40 4 API calls 3 library calls 78334->79012 79013 bfdee0 RtlAllocateHeap RtlFreeHeap RtlAllocateHeap 78334->79013 79014 bfe0f0 RtlAllocateHeap RtlFreeHeap 78334->79014 78335->78334 78337 b8bab3 78336->78337 78338 bc3c50 4 API calls 78337->78338 78339 b8badd 78338->78339 78340 bc9ec0 4 API calls 78339->78340 78341 b8bb09 __fread_nolock 78340->78341 78342 bc9c10 4 API calls 78341->78342 78343 b8bb61 78342->78343 78344 b8bf2e 78343->78344 78345 b8bb94 78343->78345 78346 b62700 4 API calls 78344->78346 78347 bc5e10 4 API calls 78345->78347 78348 b8bf3e 78346->78348 78349 b8bba5 78347->78349 79016 bc4ab0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78348->79016 78351 b80780 15 API calls 78349->78351 78352 b8bbb0 78351->78352 78356 b8bbc3 78352->78356 78423 b8bbfb 78352->78423 78353 b8bf54 78354 b62660 3 API calls 78353->78354 78355 b8bf2c 78354->78355 78361 b62700 4 API calls 78355->78361 78364 b8bfbc 78355->78364 78358 bc8000 5 API calls 78356->78358 78357 b8bf1d 78359 bc8000 5 API calls 78357->78359 78360 b8bbc8 78358->78360 78359->78355 78362 bc8000 5 API calls 78360->78362 78363 b8bf97 78361->78363 78366 b8bbd3 78362->78366 79017 bc4ab0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78363->79017 78365 b8ddf4 78364->78365 78368 bcd850 4 API calls 78364->78368 78370 b62040 4 API calls 78365->78370 78369 b62660 3 API calls 78366->78369 78372 b8c01d 78368->78372 78373 b8bbde 78369->78373 78374 b8ddf9 78370->78374 78371 b8bfad 78375 b62660 3 API calls 78371->78375 78382 b8c052 std::_Locinfo::_Locinfo_ctor 78372->78382 79018 bcbc40 4 API calls 3 library calls 78372->79018 78376 b62660 3 API calls 78373->78376 78377 c42350 3 API calls 78374->78377 78375->78364 78380 b8bbe6 78376->78380 78378 b8ddfe 78377->78378 78381 b62040 4 API calls 78378->78381 78384 b62660 3 API calls 78380->78384 78385 b8de03 78381->78385 78386 b6bf00 7 API calls 78382->78386 78383 bc9b50 4 API calls 78383->78423 78387 b8bbee 78384->78387 78388 c42350 3 API calls 78385->78388 78395 b8c0dd 78386->78395 78389 bc9d70 4 API calls 78389->78423 78392 bc9bb0 4 API calls 78392->78423 78393 b80780 15 API calls 78393->78423 78395->78374 78396 b8c19a 78395->78396 78398 bc9b50 4 API calls 78395->78398 78396->78378 78400 bcd850 4 API calls 78396->78400 78402 b8c162 78398->78402 78399 b62660 ExitProcess RtlAllocateHeap RtlFreeHeap 78399->78423 78403 b8c1f8 78400->78403 78405 b6bf00 7 API calls 78402->78405 78414 bc8000 5 API calls 78414->78423 78421 bc5e10 4 API calls 78421->78423 78423->78357 78423->78383 78423->78389 78423->78392 78423->78393 78423->78399 78423->78414 78423->78421 79015 bd2b20 4 API calls 2 library calls 78423->79015 78478 b9108f __fread_nolock 78477->78478 78478->78478 78479 b92a32 78478->78479 78481 bcd850 4 API calls 78478->78481 78480 b62040 4 API calls 78479->78480 78513 b91181 78480->78513 78482 b910ff 78481->78482 78484 b915ba 78482->78484 78485 b91136 78482->78485 78483 c42350 3 API calls 78486 b92a3c 78483->78486 78488 bd2a00 4 API calls 78484->78488 78487 bc5e10 4 API calls 78485->78487 78489 b62040 4 API calls 78486->78489 78490 b91147 78487->78490 78499 b915b5 78488->78499 78491 b92a41 78489->78491 78492 b80780 15 API calls 78490->78492 78493 c42350 3 API calls 78491->78493 78494 b91153 78492->78494 78495 b92a46 78493->78495 78496 b91179 78494->78496 78539 b91238 78494->78539 79075 bc93d0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78495->79075 78497 bc8000 5 API calls 78496->78497 78497->78513 78498 b915a9 78503 bc8000 5 API calls 78498->78503 78502 bd2a00 4 API calls 78499->78502 78505 b91674 78499->78505 78499->78513 78502->78505 78503->78499 78505->78486 78505->78505 78511 bcd850 4 API calls 78505->78511 78505->78513 78508 b91233 78508->78063 78510 bcd850 4 API calls 78510->78539 78512 b917a7 78511->78512 78516 b6b8e0 9 API calls 78512->78516 78513->78483 78513->78508 78515 bc5b90 4 API calls 78515->78539 78518 b917bb 78516->78518 78521 bca250 5 API calls 78518->78521 78562 b91970 78518->78562 78520 b80780 15 API calls 78520->78539 78522 b91816 78521->78522 78528 bc9ec0 4 API calls 78522->78528 78524 b9290a 78524->78513 78525 bc8000 5 API calls 78524->78525 78525->78513 78526 bc8000 5 API calls 78526->78539 78531 b91854 78528->78531 78534 bc9ec0 4 API calls 78531->78534 78531->78562 78532 bcd850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78532->78562 78533 bcd660 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78533->78562 78536 b91894 78534->78536 78540 bc9ec0 4 API calls 78536->78540 78537 bc5e10 4 API calls 78537->78539 78538 b6b8e0 9 API calls 78538->78562 78539->78479 78539->78498 78539->78510 78539->78513 78539->78515 78539->78520 78539->78526 78539->78537 79067 bd2b20 4 API calls 2 library calls 78539->79067 78541 b918d4 78540->78541 78543 bc9ec0 4 API calls 78541->78543 78541->78562 78542 bca250 5 API calls 78542->78562 78544 b91914 78543->78544 78545 bc9ec0 4 API calls 78544->78545 78546 b91954 78545->78546 78550 bc9ec0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78550->78562 78551 bc5b20 4 API calls 78551->78562 78553 bc5e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78553->78562 78554 b80780 15 API calls 78554->78562 78555 bc8000 5 API calls 78555->78562 78558 b62830 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78558->78562 78562->78479 78562->78491 78562->78495 78562->78513 78562->78524 78562->78532 78562->78533 78562->78538 78562->78542 78562->78550 78562->78551 78562->78553 78562->78554 78562->78555 78562->78558 79027 b90890 78562->79027 79070 bca000 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap Concurrency::cancel_current_task 78562->79070 79071 b62540 5 API calls std::_Locinfo::_Locinfo_ctor 78562->79071 79072 bc59f0 4 API calls 3 library calls 78562->79072 79073 bd1b00 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78562->79073 79074 bc2640 ExitProcess RtlAllocateHeap RtlFreeHeap 78562->79074 78564 ba03ac 78563->78564 78565 bc3c50 4 API calls 78564->78565 78566 ba03df 78565->78566 78567 bc9ec0 4 API calls 78566->78567 78587 ba0407 __fread_nolock 78567->78587 78568 ba044c RegOpenKeyExA 78568->78587 78569 ba11de 78569->78056 78570 bc5c30 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78570->78587 78571 b7ffc0 5 API calls 78571->78587 78572 bc5e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78572->78587 78573 ba11f7 78574 b62700 4 API calls 78573->78574 78576 ba120e 78574->78576 78575 b62830 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78575->78587 78577 bc9c70 4 API calls 78576->78577 78579 ba1223 78577->78579 78578 bccfd0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 78578->78587 78580 b68920 4 API calls 78579->78580 78581 ba123b Concurrency::cancel_current_task 78580->78581 78582 c42350 3 API calls 78581->78582 78584 ba1254 78582->78584 78583 c3ce31 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap std::_Facet_Register 78583->78587 78585 bc9ec0 4 API calls 78585->78587 78587->78568 78587->78569 78587->78570 78587->78571 78587->78572 78587->78573 78587->78575 78587->78578 78587->78581 78587->78583 78587->78585 78589 b62660 ExitProcess RtlAllocateHeap RtlFreeHeap 78587->78589 79255 bc3230 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap Concurrency::cancel_current_task 78587->79255 79256 b627b0 ExitProcess RtlAllocateHeap RtlFreeHeap 78587->79256 78589->78587 78590->78063 78591->78063 78592->78123 78593->78136 78594->78136 78595->78136 78670->78213 78671->78155 78672->78171 79011->78320 79012->78334 79013->78334 79014->78334 79015->78423 79016->78353 79017->78371 79018->78382 79028 bc5e10 4 API calls 79027->79028 79029 b90900 79028->79029 79030 b6b8e0 9 API calls 79029->79030 79031 b9090b 79030->79031 79076 c3bc3e 4 API calls 6 library calls 79031->79076 79033 b90983 79077 bc91d0 5 API calls 5 library calls 79033->79077 79035 b9099b 79078 bcadf0 5 API calls std::_Facet_Register 79035->79078 79037 b909cd 79067->78539 79070->78562 79071->78562 79072->78562 79074->78562 79076->79033 79077->79035 79078->79037 79255->78587 79256->78587 79257 bbd180 79384 ba2250 79257->79384 79259 bbd1e1 79259->79259 79260 bbd238 79259->79260 79261 bbebd6 79259->79261 79263 bcd850 4 API calls 79260->79263 79262 b62040 4 API calls 79261->79262 79265 bbebdb 79262->79265 79264 bbd261 CreateDirectoryA 79263->79264 79271 bbde0f 79264->79271 79373 bbd28c std::_Locinfo::_Locinfo_ctor __Mtx_unlock 79264->79373 79266 b62040 4 API calls 79265->79266 79267 bbebe0 79266->79267 79269 c42350 3 API calls 79267->79269 79268 bbdde1 79273 bc5e10 4 API calls 79268->79273 79274 bbebe5 79269->79274 79270 bbea99 79275 bbea5f 79271->79275 79279 bbde78 79271->79279 79280 bbec20 79271->79280 79272 bc5e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 79272->79373 79284 bbddf2 79273->79284 80872 c3c05c 8 API calls std::locale::_Setgloballocale 79274->80872 79275->79270 79278 c42350 3 API calls 79275->79278 79277 bbebeb 79281 b62040 4 API calls 79277->79281 79299 bbec74 79278->79299 79283 bcd850 4 API calls 79279->79283 79282 b62040 4 API calls 79280->79282 79285 bbebf0 79281->79285 79286 bbec25 79282->79286 79287 bbdea1 CreateDirectoryA 79283->79287 79284->79271 79288 b6c050 13 API calls 79284->79288 79289 c42350 3 API calls 79285->79289 79291 b62040 4 API calls 79286->79291 79301 bbea2c 79287->79301 79371 bbdec6 std::_Locinfo::_Locinfo_ctor __Mtx_unlock 79287->79371 79288->79271 79290 bbebf5 79289->79290 80873 c3c05c 8 API calls std::locale::_Setgloballocale 79290->80873 79293 bbec2a 79291->79293 79295 c42350 3 API calls 79293->79295 79294 bbebfb 79298 b62040 4 API calls 79294->79298 79300 bbec2f 79295->79300 79296 bbe9fe 79297 bc5e10 4 API calls 79296->79297 79302 bbea0f 79297->79302 79303 bbec00 79298->79303 79304 bbed1a 79299->79304 79305 bbefe3 79299->79305 79351 bbee15 79299->79351 80876 c3c05c 8 API calls std::locale::_Setgloballocale 79300->80876 79301->79275 79307 c42350 3 API calls 79301->79307 79973 b713c0 79302->79973 79310 c42350 3 API calls 79303->79310 79311 bcd850 4 API calls 79304->79311 79309 b62040 4 API calls 79305->79309 79307->79275 79317 bbefe8 79309->79317 79318 bbec05 79310->79318 79319 bbed40 79311->79319 79312 bbec35 79320 b62040 4 API calls 79312->79320 79313 bbeff2 79321 b62040 4 API calls 79313->79321 79314 bbee66 79322 bcd850 4 API calls 79314->79322 79315 bcd850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 79315->79373 79325 c42350 3 API calls 79317->79325 80874 c3c05c 8 API calls std::locale::_Setgloballocale 79318->80874 79327 bbed7e 79319->79327 80880 bd10f0 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 79319->80880 79328 bbec3a 79320->79328 79329 bbee9e 79321->79329 79323 bbee8c 79322->79323 79330 bc5e10 4 API calls 79323->79330 79324 bc5b90 4 API calls 79324->79373 79333 bbefed 79325->79333 80881 b6c820 RtlAllocateHeap RtlFreeHeap ___std_exception_destroy ___std_exception_copy 79327->80881 79335 c42350 3 API calls 79328->79335 79336 c42350 3 API calls 79329->79336 79352 bbeed0 79329->79352 79330->79329 79337 c42350 3 API calls 79333->79337 79334 bbec0b 79338 c42350 3 API calls 79334->79338 79340 bbec3f 79335->79340 79341 bbeffc 79336->79341 79337->79313 79342 bbec10 79338->79342 80877 c3c05c 8 API calls std::locale::_Setgloballocale 79340->80877 79345 b62040 4 API calls 79342->79345 79343 bbedaa 79343->79317 79346 bbeddd 79343->79346 79348 bbec15 79345->79348 79346->79333 79346->79351 79347 bbec45 79349 b62040 4 API calls 79347->79349 80875 c3c05c 8 API calls std::locale::_Setgloballocale 79348->80875 79350 bbec4a 79349->79350 79354 c42350 3 API calls 79350->79354 79351->79313 79351->79314 79356 bbec4f 79354->79356 79355 bbec1b 79357 c42350 3 API calls 79355->79357 80878 c3c05c 8 API calls std::locale::_Setgloballocale 79356->80878 79357->79280 79359 bc5b90 4 API calls 79359->79371 79360 bbec55 79361 c42350 3 API calls 79360->79361 79363 bbec5a 79361->79363 79362 c3c3b3 GetSystemTimePreciseAsFileTime 79362->79371 79364 b62040 4 API calls 79363->79364 79365 bbec5f 79364->79365 80879 c3c05c 8 API calls std::locale::_Setgloballocale 79365->80879 79367 bbec65 79368 c42350 3 API calls 79367->79368 79368->79301 79369 bcbc40 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 79369->79373 79370 bcd850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 79370->79371 79371->79286 79371->79293 79371->79296 79371->79300 79371->79312 79371->79328 79371->79340 79371->79347 79371->79350 79371->79356 79371->79359 79371->79360 79371->79362 79371->79363 79371->79365 79371->79367 79371->79370 79375 bcbc40 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 79371->79375 79376 b62830 4 API calls 79371->79376 79379 bcd660 4 API calls 79371->79379 79382 bc5e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 79371->79382 79383 b6f050 14 API calls 79371->79383 80871 bc59f0 4 API calls 3 library calls 79371->80871 79372 b62830 4 API calls 79372->79373 79373->79265 79373->79267 79373->79268 79373->79272 79373->79274 79373->79277 79373->79285 79373->79290 79373->79294 79373->79303 79373->79315 79373->79318 79373->79324 79373->79334 79373->79342 79373->79348 79373->79355 79373->79369 79373->79372 79374 bcd660 4 API calls 79373->79374 79377 c3c3b3 GetSystemTimePreciseAsFileTime 79373->79377 80699 bc59f0 4 API calls 3 library calls 79373->80699 80700 b6f050 79373->80700 79374->79373 79375->79371 79376->79371 79377->79373 79379->79371 79382->79371 79383->79371 79385 ba2272 79384->79385 79386 ba2620 79385->79386 79387 bc9b50 4 API calls 79385->79387 79389 bc9b50 4 API calls 79386->79389 79391 ba3b3e 79386->79391 79390 ba22cd 79387->79390 79388 ba4f1f 79388->79259 79392 ba2655 79389->79392 79395 ba22de CreateDirectoryA 79390->79395 79393 bc9b50 4 API calls 79391->79393 79394 ba4cf6 79391->79394 79398 ba266a CreateDirectoryA 79392->79398 79396 ba3b8f 79393->79396 79394->79388 79397 bc9b50 4 API calls 79394->79397 79399 ba22ea 79395->79399 79400 ba260e 79395->79400 79404 ba3ba4 CreateDirectoryA 79396->79404 79401 ba4d29 79397->79401 79402 ba3b2c 79398->79402 79403 ba2677 79398->79403 79411 bc9b50 4 API calls 79399->79411 79405 b62660 3 API calls 79400->79405 79408 ba4d3e CreateDirectoryA 79401->79408 79409 b62660 3 API calls 79402->79409 79414 bc9b50 4 API calls 79403->79414 79406 ba3bb1 79404->79406 79407 ba4ce4 79404->79407 79405->79386 79418 bc9b50 4 API calls 79406->79418 79410 b62660 3 API calls 79407->79410 79412 ba4d4b 79408->79412 79413 ba4f14 79408->79413 79409->79391 79410->79394 79415 ba2328 79411->79415 79419 bc9b50 4 API calls 79412->79419 79416 b62660 3 API calls 79413->79416 79417 ba26b6 79414->79417 79420 ba233b CreateDirectoryA 79415->79420 79416->79388 79423 ba26ca CreateDirectoryA 79417->79423 79421 ba3bec 79418->79421 79422 ba4d87 79419->79422 79424 ba234c __fread_nolock 79420->79424 79425 ba2447 79420->79425 79428 ba3bfe CreateDirectoryA 79421->79428 79429 ba4d99 CreateDirectoryA 79422->79429 79426 ba282a 79423->79426 79427 ba26d5 79423->79427 79430 ba235e SHGetFolderPathA 79424->79430 79434 bc9b50 4 API calls 79425->79434 79438 bc9b50 4 API calls 79426->79438 79436 b62700 4 API calls 79427->79436 79431 ba3c0b 79428->79431 79432 ba3d2e 79428->79432 79433 ba4ef3 79429->79433 79466 ba4da6 79429->79466 79435 ba2398 79430->79435 79441 b62700 4 API calls 79431->79441 79444 bc9b50 4 API calls 79432->79444 79437 b6c050 13 API calls 79433->79437 79442 ba4f06 79433->79442 79439 ba2479 79434->79439 79440 b62700 4 API calls 79435->79440 79454 ba270b 79436->79454 79437->79442 79443 ba2865 79438->79443 79446 ba248d CreateDirectoryA 79439->79446 79445 ba23a4 79440->79445 79464 ba3c5c 79441->79464 79449 b62660 3 API calls 79442->79449 79450 ba2879 CreateDirectoryA 79443->79450 79447 ba3d6e 79444->79447 79448 bc9c70 4 API calls 79445->79448 79451 ba2498 __fread_nolock 79446->79451 79452 ba25e0 79446->79452 79453 ba3d80 CreateDirectoryA 79447->79453 79455 ba23ba 79448->79455 79449->79413 79457 ba2c93 79450->79457 79458 ba2884 79450->79458 79459 ba24ab SHGetFolderPathA 79451->79459 79456 ba25f5 79452->79456 79463 b6c050 13 API calls 79452->79463 79460 ba3e98 79453->79460 79461 ba3d8d 79453->79461 79468 bc9c70 4 API calls 79454->79468 79462 b62660 3 API calls 79455->79462 79465 b62660 3 API calls 79456->79465 79475 bc9b50 4 API calls 79457->79475 79476 b62700 4 API calls 79458->79476 79467 ba24eb 79459->79467 79482 bc9b50 4 API calls 79460->79482 79478 b62700 4 API calls 79461->79478 79469 ba23cc 79462->79469 79463->79456 79473 bc9c70 4 API calls 79464->79473 79470 ba2603 79465->79470 79471 b62830 4 API calls 79466->79471 79477 b62700 4 API calls 79467->79477 79472 ba275a 79468->79472 79486 b6bf90 10 API calls 79469->79486 79474 b62660 3 API calls 79470->79474 79488 ba4e1c 79471->79488 79479 b62660 3 API calls 79472->79479 79480 ba3c9f 79473->79480 79474->79400 79481 ba2cce 79475->79481 79493 ba28c5 79476->79493 79484 ba24f7 79477->79484 79504 ba3dc6 79478->79504 79485 ba276c 79479->79485 79487 b62660 3 API calls 79480->79487 79492 ba2ce2 CreateDirectoryA 79481->79492 79483 ba3ec2 79482->79483 79494 ba3ed4 CreateDirectoryA 79483->79494 79489 bc9c70 4 API calls 79484->79489 79505 b62700 4 API calls 79485->79505 79490 ba23de 79486->79490 79491 ba3cb1 79487->79491 79499 bc9c70 4 API calls 79488->79499 79495 ba250d 79489->79495 79496 ba2419 79490->79496 79506 bc5e10 4 API calls 79490->79506 79513 b6bf90 10 API calls 79491->79513 79497 ba2ced 79492->79497 79498 ba2e60 79492->79498 79508 bc9c70 4 API calls 79493->79508 79500 ba3fee 79494->79500 79501 ba3ee1 79494->79501 79503 b62660 3 API calls 79495->79503 79502 b6c050 13 API calls 79496->79502 79509 ba2420 79496->79509 79514 b62700 4 API calls 79497->79514 79517 bc9b50 4 API calls 79498->79517 79507 ba4e69 79499->79507 79523 bc9b50 4 API calls 79500->79523 79526 b62700 4 API calls 79501->79526 79502->79509 79510 ba251f 79503->79510 79518 bc9c70 4 API calls 79504->79518 79511 ba2784 79505->79511 79512 ba23f9 79506->79512 79515 b62660 3 API calls 79507->79515 79516 ba2908 79508->79516 79527 b62660 3 API calls 79509->79527 79532 b62700 4 API calls 79510->79532 79519 b6bf00 7 API calls 79511->79519 79520 bc5e10 4 API calls 79512->79520 79521 ba3cc3 79513->79521 79547 ba2d42 79514->79547 79524 ba4e7b 79515->79524 79525 b62660 3 API calls 79516->79525 79528 ba2ea5 79517->79528 79529 ba3e09 79518->79529 79551 ba2789 79519->79551 79530 ba240e 79520->79530 79522 ba3d00 79521->79522 79531 bc5e10 4 API calls 79521->79531 79533 b6c050 13 API calls 79522->79533 79542 ba3d07 79522->79542 79536 ba402c 79523->79536 79553 b6bf90 10 API calls 79524->79553 79537 ba291a 79525->79537 79561 ba3f1c 79526->79561 79527->79425 79540 ba2eb9 CreateDirectoryA 79528->79540 79538 b62660 3 API calls 79529->79538 79535 b6f050 14 API calls 79530->79535 79539 ba3cdf 79531->79539 79541 ba2537 79532->79541 79533->79542 79534 ba27ff 79544 b6c050 13 API calls 79534->79544 79545 ba2803 79534->79545 79535->79496 79552 ba403e CreateDirectoryA 79536->79552 79560 b62700 4 API calls 79537->79560 79543 ba3e1b 79538->79543 79546 bc5e10 4 API calls 79539->79546 79548 ba301b 79540->79548 79549 ba2ec4 79540->79549 79550 b6bf00 7 API calls 79541->79550 79555 b62660 3 API calls 79542->79555 79562 b6bf90 10 API calls 79543->79562 79544->79545 79563 b62660 3 API calls 79545->79563 79554 ba3cf4 79546->79554 79565 bc9c70 4 API calls 79547->79565 79573 bc9b50 4 API calls 79548->79573 79572 b62700 4 API calls 79549->79572 79551->79534 79556 bc9b50 4 API calls 79551->79556 79557 ba404b 79552->79557 79558 ba4718 79552->79558 79559 ba4e8d 79553->79559 79564 b6f050 14 API calls 79554->79564 79555->79432 79592 ba27d1 79556->79592 79585 b62700 4 API calls 79557->79585 79584 bc9b50 4 API calls 79558->79584 79567 ba4ec7 79559->79567 79574 bc5e10 4 API calls 79559->79574 79568 ba2932 79560->79568 79576 bc9c70 4 API calls 79561->79576 79569 ba3e2d 79562->79569 79563->79426 79564->79522 79570 ba2d85 79565->79570 79571 b6c050 13 API calls 79567->79571 79581 ba4ece 79567->79581 79575 b6bf00 7 API calls 79568->79575 79579 ba3e6a 79569->79579 79588 bc5e10 4 API calls 79569->79588 79580 b62660 3 API calls 79570->79580 79571->79581 79605 ba2f04 79572->79605 79583 ba305f 79573->79583 79586 ba4ea7 79574->79586 79610 ba2937 79575->79610 79587 ba3f5f 79576->79587 79589 ba2d97 79580->79589 79598 b62660 3 API calls 79581->79598 79594 bc5e10 4 API calls 79586->79594 79596 b62660 3 API calls 79587->79596 79623 b62660 3 API calls 79592->79623 79602 ba4ebc 79594->79602 79598->79433 79623->79534 80892 c3f090 79973->80892 79976 c3f090 __fread_nolock 79977 b7142a SHGetFolderPathA 79976->79977 79978 b71471 79977->79978 79979 b62830 4 API calls 79978->79979 80699->79373 80701 b6f0d6 80700->80701 80702 b6f654 80701->80702 80703 bcd850 4 API calls 80701->80703 80704 b62040 4 API calls 80702->80704 80750 b6f129 __Mtx_unlock 80703->80750 80705 b6f659 80704->80705 81746 c3c05c 8 API calls std::locale::_Setgloballocale 80705->81746 80707 c42350 3 API calls 80711 b6f664 __fread_nolock 80707->80711 80708 b6f4d5 80708->80707 80710 b6f638 80708->80710 80709 bc5b20 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 80709->80750 80710->79373 80712 b62830 4 API calls 80711->80712 80713 b6f739 80712->80713 80714 bc9c70 4 API calls 80713->80714 80716 b6f74f 80714->80716 80715 bcd850 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 80715->80750 80717 b6f780 80716->80717 80719 b704a5 80716->80719 80718 c3c3b3 GetSystemTimePreciseAsFileTime 80717->80718 80720 b6f7b1 80718->80720 80721 c42350 3 API calls 80719->80721 80723 b704aa 80720->80723 80721->80723 80724 bc5c90 ExitProcess RtlAllocateHeap RtlFreeHeap 80724->80750 80731 c3c3b3 GetSystemTimePreciseAsFileTime 80731->80750 80750->80702 80750->80705 80750->80708 80750->80709 80750->80715 80750->80724 80750->80731 80753 bc5e10 RtlAllocateHeap ExitProcess RtlAllocateHeap RtlFreeHeap 80750->80753 80757 b6f050 13 API calls 80750->80757 80753->80750 80757->80750 80871->79371 80880->79327 80881->79343 80893 b713fd SHGetFolderPathA 80892->80893 80893->79976 81755 bc8e60 81756 bc8e87 81755->81756 81757 bc8e77 81755->81757 81757->81756 81758 c42350 3 API calls 81757->81758 81759 bc8e9c 81758->81759 81760 bc8f38 81759->81760 81767 c3c162 81759->81767 81764 bc8ee2 81778 bcaf50 5 API calls 6 library calls 81764->81778 81766 bc8f02 81768 c3c0be 81767->81768 81770 c42ef5 3 API calls 81768->81770 81772 c3c117 81768->81772 81776 bc8ed1 81768->81776 81770->81772 81771 c3c13b 81773 c46cd6 6 API calls 81771->81773 81771->81776 81775 c3c11e 81772->81775 81779 c42ef5 81772->81779 81773->81775 81774 c46788 7 API calls 81774->81776 81775->81774 81775->81776 81776->81760 81777 bc7de0 ExitProcess RtlAllocateHeap RtlFreeHeap 81776->81777 81777->81764 81778->81766 81781 c42e3e __fread_nolock 81779->81781 81780 c42e51 81786 c42340 ExitProcess RtlAllocateHeap RtlFreeHeap __fread_nolock 81780->81786 81781->81780 81782 c42e71 81781->81782 81784 c54228 2 API calls 81782->81784 81785 c42e61 81782->81785 81784->81785 81785->81771 81786->81785 81787 553096d 81788 5530978 GetCurrentHwProfileW 81787->81788 81789 553098d 81788->81789

                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                          Function 00BA2010 Relevance: 291.5, APIs: 22, Strings: 143, Instructions: 2735COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA22E0
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA233C
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA2CE3
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA2EBA
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA3074
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA3257
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA353E
                                                                                                                                                                                                          • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00BA236D
                                                                                                                                                                                                            • Part of subcall function 00B6BF90: GetFileAttributesA.KERNEL32(?,?,787C6B7B), ref: 00B6BFBE
                                                                                                                                                                                                            • Part of subcall function 00B6BF90: __Mtx_unlock.LIBCPMT ref: 00B6BFEE
                                                                                                                                                                                                            • Part of subcall function 00BC5E10: Concurrency::cancel_current_task.LIBCPMT ref: 00BC5EF7
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA248E
                                                                                                                                                                                                          • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00BA24BD
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA266D
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA26CB
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA287A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateDirectory$FolderPath$AttributesConcurrency::cancel_current_taskFileMtx_unlock
                                                                                                                                                                                                          • String ID: AGC$LK$\FR$$v3)$(='>$.)%9$8b96$?#?/$AUE$AUE$CWK[$DGGL$DYCZ$DYCZ$DYCZ$DYCZ$DYCZ$EC^\$EC^\$EMA$EMA$FICZ$FU_F$HSS$HSS$HSS$J@}$J@}$J@}$JBB$JNL]$JNL]$JNL]$J^nB$K% /$LEC$Ln#+$MEJ$MEJ$MEJ$MEJ$MEJ$NO_O$NvDB$NvDB$OU\R$QORP$R\\T$SYM$T[OD$T\LK$XICI$Y\AK$[_CS$[_CS$[_CS$\XB^$]UQ[$^BNF$_@H$_@H$_CFK$_DH\$e.$ $fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$f|t$gm}~$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$kHKU$kKM_$kgjk$kqes$r{lx$tJY^${IJI${IJI${IJI${IJI${IJI${KFD${KFD${KFD${KFD${KFD${LH^${LH^${LH^${MPu${[H\${[XF${[XF${[XF${\FR${_JR${aj{${aj{${dFI${dFI${dFI${d\D${e@D${eLY${jH^${jH^${mEO${n@F${n@F${nLK${oHG${o[E${x@N${{@M${{@M${{BS${{]O${|FR${|eK${~bh${~yd
                                                                                                                                                                                                          • API String ID: 4270311917-1976377417
                                                                                                                                                                                                          • Opcode ID: 4df6f9fc1452063458a6bff9a0429f873e513c764c2390691ef86b9ec412d4d3
                                                                                                                                                                                                          • Instruction ID: 914d7c444257caaebee464bf6fa2767875b4fba20efb7f67fd8cff05989fada7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4df6f9fc1452063458a6bff9a0429f873e513c764c2390691ef86b9ec412d4d3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C438F70C046589AEF25EB64CD55BEEB7B4AF21304F4441D8E44977282EB746F88CFA2
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00BA2250 Relevance: 289.5, APIs: 22, Strings: 142, Instructions: 2535COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA22E0
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA233C
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA2CE3
                                                                                                                                                                                                          • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00BA236D
                                                                                                                                                                                                            • Part of subcall function 00B6BF90: GetFileAttributesA.KERNEL32(?,?,787C6B7B), ref: 00B6BFBE
                                                                                                                                                                                                            • Part of subcall function 00B6BF90: __Mtx_unlock.LIBCPMT ref: 00B6BFEE
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA248E
                                                                                                                                                                                                          • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00BA24BD
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA266D
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA26CB
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA287A
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateDirectory$FolderPath$AttributesFileMtx_unlock
                                                                                                                                                                                                          • String ID: AGC$LK$\FR$$v3)$(='>$.)%9$8b96$?#?/$AUE$AUE$CWK[$DGGL$DYCZ$DYCZ$DYCZ$DYCZ$DYCZ$EC^\$EC^\$EMA$EMA$FICZ$FU_F$HSS$HSS$HSS$J@}$J@}$J@}$JBB$JNL]$JNL]$JNL]$J^nB$K% /$LEC$Ln#+$MEJ$MEJ$MEJ$MEJ$MEJ$NO_O$NvDB$NvDB$OU\R$QORP$R\\T$SYM$T[OD$XICI$Y\AK$[_CS$[_CS$[_CS$\XB^$]UQ[$^BNF$_@H$_@H$_CFK$_DH\$e.$ $fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$fxyn$f|t$gm}~$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$jxl$kHKU$kKM_$kgjk$kqes$r{lx$tJY^${IJI${IJI${IJI${IJI${IJI${KFD${KFD${KFD${KFD${KFD${LH^${LH^${LH^${MPu${[H\${[XF${[XF${[XF${\FR${_JR${aj{${aj{${dFI${dFI${dFI${d\D${e@D${eLY${jH^${jH^${mEO${n@F${n@F${nLK${oHG${o[E${x@N${{@M${{@M${{BS${{]O${|FR${|eK${~bh${~yd
                                                                                                                                                                                                          • API String ID: 2791087084-1101755663
                                                                                                                                                                                                          • Opcode ID: 9d4c2448c20a0f17ef433d47775b109cac499e9ac3e5f1225a9f59e4db586723
                                                                                                                                                                                                          • Instruction ID: e270ed7980d60c583266cd0c512de68bc45c77ee9194fc0469b0a21a25d7b731
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d4c2448c20a0f17ef433d47775b109cac499e9ac3e5f1225a9f59e4db586723
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9337E70C046589AEB25EB64CD55BEEB7B4AF21304F4441D8E44977282EF746F88CFA2
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00BB52B0 Relevance: 263.4, APIs: 36, Strings: 110, Instructions: 7898COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Mtx_unlock$AttributesCreateDirectoryFile
                                                                                                                                                                                                          • String ID: \Q^$\Q^$\Q^$\Q^$\Q^$\Q^$\Q^$@EH]$@EH]$@EH]$@^uS$@^uS$@^uS$@^uS$BPYC$BPYC$BPYC$BPYC$BPYu$BPYu$BPYu$BPYu$C@M$CGDK$CGDK$DI[N$DI[N$DJDB$DJDB$E@BO$E@BO$EM@K$EM@K$FCCZ$FCCZ$G@X#$IAJA$IAJA$IIDO$IIDO$IIDO$IIDO$IIDO$IIDO$KIZ^$KIZ^$LQCV$LQCV$MUC$MUC$O\]Z$QIE_$QIE_$RIL\$RIL\$RZE$RZE$RZE$RZE$SADO$SADO$SGBO$TMJ_$TMJ_$TM[\$WI]B$WI]B$WI]B$WI]B$WI]B$X!'$X&'$YMYG$YMYG$YMYG$YMYG$\_H\$\_H\$\_H\$\_H\$\_H\$_C_W$_TY$aiey$aiey$dBAW$dBAW$sz|o$sz|o$sz|o$tBXC$tBXC$tCCq$tCCq$tJB[$tJB[$type must be boolean, but is ${`@Y${`@Y${j[E${j[E${j[E${j[E${j[E${kFE${kFE${kFE${kj${lF]${lF]
                                                                                                                                                                                                          • API String ID: 3883471643-3051686586
                                                                                                                                                                                                          • Opcode ID: 76bdae5eaad9d160d0a5f56a90a7275e44230ab2e8156b330324783087b3fb9b
                                                                                                                                                                                                          • Instruction ID: 1a20d735c21718cbab9452eb00c994741dd2d15120650b94bd7fa22fe76755ba
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76bdae5eaad9d160d0a5f56a90a7275e44230ab2e8156b330324783087b3fb9b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8F3CE709042588BEF29DB28CC98BEEBBF5AF15304F1441D9D049A7292DBB49F89CF51
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B70580 Relevance: 254.1, APIs: 13, Strings: 130, Instructions: 3825COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(?,?), ref: 00B70784
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B707B2
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B709DD
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B709EC
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B70D86
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B70D96
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B70F76
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B70F85
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B710C6
                                                                                                                                                                                                            • Part of subcall function 00B6BF90: GetFileAttributesA.KERNEL32(?,?,787C6B7B), ref: 00B6BFBE
                                                                                                                                                                                                            • Part of subcall function 00B6BF90: __Mtx_unlock.LIBCPMT ref: 00B6BFEE
                                                                                                                                                                                                            • Part of subcall function 00BC5E10: Concurrency::cancel_current_task.LIBCPMT ref: 00BC5EF7
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B710D5
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B7126B
                                                                                                                                                                                                          • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00B71415
                                                                                                                                                                                                          • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00B7143C
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Mtx_unlock$AttributesFileFolderPath$Concurrency::cancel_current_task
                                                                                                                                                                                                          • String ID: @Y_$AsPA$BBNA$B|eq$CANC$CI_$CI_$CM_I$DEC$DEC$DEC$DEC$D^T$D^T$EC@G$EEYK$FEN$FFT$GIY]$HCD@$HCD@$HCD@$HCD@$HCD@$HCD@$HCD@$HSS$HX_A$HX_[$HX_[$J@}$J@}$J@}$J@}$J@}$J@}$JBNK$JND$JOBG$L_X\$MUCF$NOBG$NTHJ$NTHJ$NTHJ$NTHJ$NTHJ$NTHJ$N^b$N^B$N^H[$OY^$S%5$S%51$SW^_$VTU_$V_\$WYIM$XJX]$YHL$YHL$[T\N$[T\N$[_CS$[_CS$[_CS$[_CS$[_CS$[_CS$^]WN$_EiA$_MAM$`GEN$aDFX$aZHD$aZLC$cGNO$cIZB$eA]I$ejxi$fFFD$gk\R$hCD@$hC_K$iIDO$jAGI$jMNK$kA]O$kMMM$kOXV$nFOC$nPJE$ngjE$sM[X$uMMN$wZ@G${J@^${_HF${_HF${aGN${aGN${aGN${aGN${aGN${aGN${bHR${bHR${dFI${dFI${dFI${dFI${dFI${dFI${eFD${e\F${i[G${i[G${i]E${j@D${j@^${kFC${mEO${mEO${mEO${mQE${m]B${o\K${o\K$}KHY$~ijE
                                                                                                                                                                                                          • API String ID: 1290385620-2583150534
                                                                                                                                                                                                          • Opcode ID: fcfede840fd9b32631ff7ceeabacdd00c974df45b2dfd228f6ad237c4862fe19
                                                                                                                                                                                                          • Instruction ID: 42d4ab798d236a4bcbf80ef0e6eed79fbc81d0e3d6bfc27f88f252f16077cb9d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fcfede840fd9b32631ff7ceeabacdd00c974df45b2dfd228f6ad237c4862fe19
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7573E370C10258DAEF14EB64CC55BEEBBB5AF11304F4481D8E44967292EB746F89CFA2
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B713C0 Relevance: 228.2, APIs: 2, Strings: 127, Instructions: 2459COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00B71415
                                                                                                                                                                                                          • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00B7143C
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FolderPath
                                                                                                                                                                                                          • String ID: @Y_$AsPA$BBNA$B|eq$CANC$CI_$CI_$CM_I$DEC$DEC$DEC$DEC$D^T$D^T$EC@G$EEYK$FEN$FFT$HCD@$HCD@$HCD@$HCD@$HCD@$HCD@$HCD@$HSS$HX_A$HX_[$HX_[$J@}$J@}$J@}$J@}$J@}$J@}$JBNK$JND$JOBG$L_X\$MUCF$NOBG$NTHJ$NTHJ$NTHJ$NTHJ$NTHJ$NTHJ$N^b$N^B$N^H[$OY^$S%5$S%51$SW^_$VTU_$V_\$WYIM$XJX]$YHL$YHL$[T\N$[T\N$[_CS$[_CS$[_CS$[_CS$[_CS$[_CS$^]WN$_EiA$_MAM$`GEN$aDFX$aZHD$aZLC$cGNO$cIZB$eA]I$ejxi$fFFD$gk\R$hCD@$hC_K$iIDO$jAGI$jMNK$kA]O$kMMM$kOXV$nFOC$nPJE$ngjE$sM[X$uMMN$wZ@G${J@^${aGN${aGN${aGN${aGN${aGN${aGN${bHR${bHR${dFI${dFI${dFI${dFI${dFI${dFI${eFD${e\F${i[G${i[G${i]E${j@D${j@^${kFC${mEO${mEO${mEO${mQE${m]B${o\K${o\K$}KHY$~ijE
                                                                                                                                                                                                          • API String ID: 1514166925-4148695695
                                                                                                                                                                                                          • Opcode ID: 907432c071e5366e3c7b65887b31ee8a59aabfca937128c292ae358586b3de8d
                                                                                                                                                                                                          • Instruction ID: f4a207aff238bb4c106a22ebf7379ab9b1598284bf6c001f185a0f6d961d4f43
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 907432c071e5366e3c7b65887b31ee8a59aabfca937128c292ae358586b3de8d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E33AE70C04659DAEF25EB64CC55BEDBBB4AF11304F4445D8E84967282EB742F88CFA2
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B948E0 Relevance: 98.0, APIs: 2, Strings: 53, Instructions: 1745COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B95986
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B9599B
                                                                                                                                                                                                            • Part of subcall function 00B6BF90: GetFileAttributesA.KERNEL32(?,?,787C6B7B), ref: 00B6BFBE
                                                                                                                                                                                                            • Part of subcall function 00B6BF90: __Mtx_unlock.LIBCPMT ref: 00B6BFEE
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Mtx_unlock$AttributesFile
                                                                                                                                                                                                          • String ID: AG[G$AG[G$AG[G$B@H$B@H$B@H$BB^$DM[^$DM[^$EC^\$EM@K$EXXC$FDd`$FDd`$FDd`$KGNC$KGNC$KGNC$KGNC$KGNC$MEAK$OGZ^$RZE$RZE$RZE$WIZY$WIZY$WZFL$WZFL$\C_J$\C_J$cannot use operator[] with a string argument with $psT@$wI]B$wZFL$xYOC$xYOC$xYOC${CLS${CLS${CLS${CLS${CLS${CLS${DFM${KLX${KLX${KLX${KLX${KLX${KLX${X[E${y\K
                                                                                                                                                                                                          • API String ID: 1886074773-2890223016
                                                                                                                                                                                                          • Opcode ID: da015ee7dc90bd3e28b6e8c264f76197b2da3c5261886d91b71f9c80fc2ff0de
                                                                                                                                                                                                          • Instruction ID: 268d33f9f52839fd3fcc19d85aee01f69c5c22d3223dd5acaac291587c139f1c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: da015ee7dc90bd3e28b6e8c264f76197b2da3c5261886d91b71f9c80fc2ff0de
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09F2BF70C002588ADF29EB64CC99BEDBBB5AF15304F1441ECE44967282EB745F89CF96
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B85A90 Relevance: 60.3, Strings: 46, Instructions: 2804COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Initstd::locale::_
                                                                                                                                                                                                          • String ID: BFJX$BFJX$BFJX$BFJX$BPYu$BPYu$DI[N$DI[N$DI[N$EM@K$EM@K$FCCZ$HZ@M$H[vI$H[vI$H[vI$H[vI$H[vI$H[vI$IAJA$IAJA$IIDO$IIDO$KIZ^$KoZW$KoZW$KoZW$KoZW$LQCV$LQCV$MUC$RIL\$R\YK$R\YK$R\YK$R\YK$YU]Z$YU]Z$YU]Z$YU]Z$YU]Z$YU]Z$tBXC$tCCq$tCCq$tJB[
                                                                                                                                                                                                          • API String ID: 1620887387-3550693116
                                                                                                                                                                                                          • Opcode ID: f2c11b4e2ed42a29b4a37ef0780dd61b0b2d936eed3386acdfba5e4e2455e170
                                                                                                                                                                                                          • Instruction ID: f1ddb8f9434cbc33bb377436b6f4b50ef9723e3eee3934a995ec980216a1f93c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2c11b4e2ed42a29b4a37ef0780dd61b0b2d936eed3386acdfba5e4e2455e170
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C43BF70D042598BDB25EF24C855BEEBBF0AF15304F1441E8E449A7292EB74AF89CF91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00BADB80 Relevance: 53.8, Strings: 42, Instructions: 1269COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: BI^$BI^$BI^$BI^$DCF$DGFA$DGFA$DI[N$D^T$D^T$D^T$F]]E$KGNC$KGNC$MEAB$NDT$NDT$NDT$NDT$NDT$NDT$OAZ^$T[VO$dGFA$dGFA$h]]F$kGJK$kGJK$kGJK$kGJK$kGJK$kGJK$kGNC$kGNC$oAZ^$oAZ^$oMYO$oMYO$oMYO$pMK$pMK$pMK
                                                                                                                                                                                                          • API String ID: 0-428746264
                                                                                                                                                                                                          • Opcode ID: 0f5a2cc8c534f7e5c57ad0f5d227aac2d6f6daa92e71e06ded3c9ed5dea438ef
                                                                                                                                                                                                          • Instruction ID: 3262d31e4664730d1907afab13f1a8f928bd5550b24e48e82253740d7cd07771
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f5a2cc8c534f7e5c57ad0f5d227aac2d6f6daa92e71e06ded3c9ed5dea438ef
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9C2D070D042998BDF15DF64C899BDEBBB1AF1A304F1481DDD4496B342EB30AB89CB91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00BBD180 Relevance: 45.8, APIs: 18, Strings: 7, Instructions: 2073COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00BA2250: CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA22E0
                                                                                                                                                                                                            • Part of subcall function 00BA2250: CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BA233C
                                                                                                                                                                                                            • Part of subcall function 00BA2250: SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00BA236D
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(?,00000000,?,5F45787B,00C93AFC,00000000,5F45787B,5F45787C), ref: 00BBD282
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00BBD496
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00BBD4A5
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00BBD6B6
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00BBD6C5
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00BBD8C6
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00BBD8D5
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00BBDBC6
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00BBDBD5
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00BBE0CE
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00BBE0DD
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00BBE2D6
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00BBE2E5
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00BBE4E7
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00BBE4F6
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00BBE7E6
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00BBE7F5
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(?,00000000,?,46487F7B,00C93AFC,00000000,46487F7B,46487F7C), ref: 00BBDEBC
                                                                                                                                                                                                            • Part of subcall function 00BCD850: Concurrency::cancel_current_task.LIBCPMT ref: 00BCD92D
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Mtx_unlock$CreateDirectory$Concurrency::cancel_current_taskFolderPath
                                                                                                                                                                                                          • String ID: GIY]$SIIj$kGJK$nFMO$tQGI${n@F${xE_
                                                                                                                                                                                                          • API String ID: 791088107-847423877
                                                                                                                                                                                                          • Opcode ID: b2a01a6dda170735e81eca57edc9c8d36b107028b6adea6c225094897970aa9e
                                                                                                                                                                                                          • Instruction ID: e8ee3d540f5aaf60a4698d0e11c5741a4afff72cca23c50843c5a38aaa999e81
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b2a01a6dda170735e81eca57edc9c8d36b107028b6adea6c225094897970aa9e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D031631900258CFDF18DB68CC89BFDBBB5EF15304F1482D8E055A7292EBB49A85CB61
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B6F050 Relevance: 43.7, APIs: 19, Strings: 5, Instructions: 1719COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Mtx_unlock$AttributesFile
                                                                                                                                                                                                          • String ID: J@}$NTHJ$[_CS${aGN${dFI
                                                                                                                                                                                                          • API String ID: 1886074773-2598508030
                                                                                                                                                                                                          • Opcode ID: d732705003db0d6ddd72c8914722c293d0864042463c3f1bacb2dfeca9e1db1d
                                                                                                                                                                                                          • Instruction ID: 4647f8ffceb9f504ba210814d2d8bee698a67236f815f4953e0f304a0f9125ad
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d732705003db0d6ddd72c8914722c293d0864042463c3f1bacb2dfeca9e1db1d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03D25771910209CBDF08DBA8DC99BFDBBB5EF15300F2482ADE415A7292D7389A85CB51
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00BA0360 Relevance: 43.0, APIs: 1, Strings: 23, Instructions: 954registryCOMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?,00C961C0,00000000), ref: 00BA0452
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Open
                                                                                                                                                                                                          • String ID: B@H$KGNC$KGNC$RZE$WIZY$WZFL$YUC$YUC$\C_J$\G^@$\G^@$\G^@$\G^@$bEHC$cannot use operator[] with a string argument with $nehz$nehz$nehz$o|}z$o|}z$te}z$te}z$te}z
                                                                                                                                                                                                          • API String ID: 71445658-3163795657
                                                                                                                                                                                                          • Opcode ID: 1a6b799ce0ae326a06703165af8c609bf2c2a3c35807656ab2a20bc6744a2359
                                                                                                                                                                                                          • Instruction ID: 6366e9d76ee967a9b4dfd221c2ad1f74128b58d0571a1413309ea9967e5c3955
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a6b799ce0ae326a06703165af8c609bf2c2a3c35807656ab2a20bc6744a2359
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB929C70C142589EEB25DB64CC84BEEBBB8AF16304F1041DDD449A7292EB746B89CF61
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B9D5A0 Relevance: 34.9, APIs: 7, Strings: 12, Instructions: 1648COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(?), ref: 00B9D730
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B9D760
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B9E2C6
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B9E2D6
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B9EC6D
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B9D84C
                                                                                                                                                                                                            • Part of subcall function 00BCD850: Concurrency::cancel_current_task.LIBCPMT ref: 00BCD92D
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B9EC24
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Mtx_unlock$AttributesConcurrency::cancel_current_taskFile
                                                                                                                                                                                                          • String ID: X_CV$YMJK$Z^E$\C_J$fKJE$invalid stoi argument$jONA$stoi argument out of range$wIZY${EHZ${M^]${{]E
                                                                                                                                                                                                          • API String ID: 3826552558-1934692543
                                                                                                                                                                                                          • Opcode ID: 8b64acb4b9e20d219226e59cf6ccd1eb8dbae2525aea11f7de46338790b9f834
                                                                                                                                                                                                          • Instruction ID: 0503a6bc0152309da298957417acde16e3a55b61574d58f19d80a6ca1bb7bcc0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b64acb4b9e20d219226e59cf6ccd1eb8dbae2525aea11f7de46338790b9f834
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AFE2D5709102588FEF18CF68CC98BEDBBB5AF56304F1482ECD05967292DB749AC5CB61
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B91010 Relevance: 30.7, Strings: 23, Instructions: 1965COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: DFM$DMH$A]U^$BFJX$BFJX$BFJX$H[vI$H[vI$H[vI$H[vI$J@}$J@}$KoZW$KoZW$R\YK$R\YK$YU]Z$YU]Z$YU]Z$[QEW$[QEW${dFI${dFI
                                                                                                                                                                                                          • API String ID: 0-2122256219
                                                                                                                                                                                                          • Opcode ID: e83ce8e531d3af55f63a6bb9fd55667ed45469ffb300545748e7c43c5d0df907
                                                                                                                                                                                                          • Instruction ID: c88aafbd01e8797a9915eae2cb13ec1d93b92cf13dc60e32907c0377230244d0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e83ce8e531d3af55f63a6bb9fd55667ed45469ffb300545748e7c43c5d0df907
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6403CE71D002599BDF18CF68CC94BEEBBB1AF55300F1482EDE449AB292D7349A85CF91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B8BA60 Relevance: 30.0, Strings: 22, Instructions: 2456COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Initstd::locale::_
                                                                                                                                                                                                          • String ID: @\FA$BFJX$BFJX$BFJX$BOH$D^Fr$H[vI$H[vI$H[vI$KoZW$KoZW$NB^$R\YK$R\YK$R\YK$SGBO$TM[\$YU]Z$YU]Z$YU]Z$cannot use operator[] with a string argument with $iM]]
                                                                                                                                                                                                          • API String ID: 1620887387-2013181319
                                                                                                                                                                                                          • Opcode ID: 52099bcd1c9149511b4db5532d4b07f80f99bf91572c924b51f3ddb00f5ce284
                                                                                                                                                                                                          • Instruction ID: 6bfba065fff61d40c922ccc7389adf8bce4029e8c1963034fe011178fc0c9ce3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52099bcd1c9149511b4db5532d4b07f80f99bf91572c924b51f3ddb00f5ce284
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F423D070D002588BDF19DF68CC84BEDBBB1AF55304F1482D9E449672A2DB74AB85CF91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00BB82E0 Relevance: 26.9, APIs: 6, Strings: 9, Instructions: 699COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Mtx_unlock$AttributesCreateDirectoryFile
                                                                                                                                                                                                          • String ID: \Q^$\Q^$\Q^$\Q^$\Q^$\Q^$\Q^$@EH]$@EH]$@EH]$@^uS$@^uS$@^uS$@^uS$BPYC$BPYC$BPYC$BPYC$BPYu$BPYu$BPYu$BPYu$C@M$CGDK$CGDK$DI[N$DI[N$DJDB$DJDB$E@BO$E@BO$EM@K$EM@K$FCCZ$FCCZ$G@X#$IAJA$IAJA$IIDO$IIDO$IIDO$IIDO$IIDO$IIDO$KIZ^$KIZ^$LQCV$LQCV$MUC$MUC$O\]Z$QIE_$QIE_$RIL\$RIL\$RZE$RZE$RZE$RZE$SADO$SADO$SGBO$TMJ_$TMJ_$TM[\$WI]B$WI]B$WI]B$WI]B$WI]B$X!'$X&'$YMYG$YMYG$YMYG$YMYG$\_H\$\_H\$\_H\$\_H\$\_H\$_C_W$_TY$aiey$aiey$dBAW$dBAW$sz|o$sz|o$sz|o$tBXC$tBXC$tCCq$tCCq$tJB[$tJB[$type must be boolean, but is ${`@Y${`@Y${j[E${j[E${j[E${j[E${j[E${kFE${kFE${kFE${kj${lF]${lF]
                                                                                                                                                                                                          • API String ID: 3883471643-3051686586
                                                                                                                                                                                                          • Opcode ID: 273b669141b862fe845b97f0b290730d708fb7dc96f866dbb545588fd7cb41a3
                                                                                                                                                                                                          • Instruction ID: f0735d55d79c4a59d0e226a230306b6473ee87628fd10ba8cc7dd3dabbee8037
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 273b669141b862fe845b97f0b290730d708fb7dc96f866dbb545588fd7cb41a3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA52C0709002588FDF29CF68C958BFDBBF9EF06300F1441D9D44AA7292DBB59A89CB51
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B98C90 Relevance: 26.9, Strings: 20, Instructions: 1892COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: @^uS$B@H$BI^$BI^$BPYC$CGDK$DGFA$DGFA$IIDO$MEAK$O\]Z$QIE_$TMJ_$WI]B$YMYG$cannot use operator[] with a string argument with $dBAW$wI]B$wZFL${X[E
                                                                                                                                                                                                          • API String ID: 0-799835013
                                                                                                                                                                                                          • Opcode ID: 1168328190eaec9944b5a8713c84dc2ccbf341167eb7246f7c1e2e4285d47085
                                                                                                                                                                                                          • Instruction ID: 8f7e1b6ec65a344eef97b9477b06c86c951e1f4531c43e82258ba1e7a7db7056
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1168328190eaec9944b5a8713c84dc2ccbf341167eb7246f7c1e2e4285d47085
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F803CF709002599BDF25CF68CC54BEEBBF4AF15304F1441EDE449AB282EB75AA84CF91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00BB3910 Relevance: 25.2, Strings: 19, Instructions: 1493COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Mtx_unlock$AttributesConcurrency::cancel_current_taskCreateDirectoryFile
                                                                                                                                                                                                          • String ID: /$@WK^$B@H$B@H$KGNCE$KGNCE$RZE$RZE$WIZY\C_J$WIZY\C_J$WZFL$WZFL$X[B\$wZFLB@H]${${${NFR${XHY${j[E\_H\\
                                                                                                                                                                                                          • API String ID: 1266625421-4007018601
                                                                                                                                                                                                          • Opcode ID: a3ce0f0dce4345da22267fc51e521a0a83c07303163d2facdba132b6cd5bb178
                                                                                                                                                                                                          • Instruction ID: b46cd89d78f3d890e09c8fd0ef634749f5759eba460b54f32824c615daaff4a3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3ce0f0dce4345da22267fc51e521a0a83c07303163d2facdba132b6cd5bb178
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8EE24970D002599AEF25EBA0C956FEDBBB4AF15304F4044E8E44973292EF781F89CB65
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B96590 Relevance: 18.7, Strings: 14, Instructions: 1195COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Mtx_unlock
                                                                                                                                                                                                          • String ID: &$$=$;?#+$B@H$F]]E$F]]E$IIDO$MEAB$MEAK$QIE_$^L\$cannot use operator[] with a string argument with $wI]B$wZFL${X[E
                                                                                                                                                                                                          • API String ID: 1418687624-882675722
                                                                                                                                                                                                          • Opcode ID: a82a8769118eecad557e9db02f68f32f444e381b2cda6ee766dd376175d30260
                                                                                                                                                                                                          • Instruction ID: aae5a9e5612bb575c782a7beacef1176b975ae1d35228ddb4fa70d38b24a8e04
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a82a8769118eecad557e9db02f68f32f444e381b2cda6ee766dd376175d30260
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AB2D2709142588FDF24CF64C855BEEBBF5AF15304F1481ECE449AB282EB749A89CF91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B902C0 Relevance: 11.5, APIs: 1, Strings: 5, Instructions: 975COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • std::locale::_Init.LIBCPMT ref: 00B9097E
                                                                                                                                                                                                            • Part of subcall function 00BC91D0: std::_Lockit::_Lockit.LIBCPMT ref: 00BC91FE
                                                                                                                                                                                                            • Part of subcall function 00BC91D0: std::_Lockit::_Lockit.LIBCPMT ref: 00BC9221
                                                                                                                                                                                                            • Part of subcall function 00BC91D0: std::_Lockit::~_Lockit.LIBCPMT ref: 00BC9241
                                                                                                                                                                                                            • Part of subcall function 00BC91D0: std::_Lockit::~_Lockit.LIBCPMT ref: 00BC9275
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Initstd::locale::_
                                                                                                                                                                                                          • String ID: BEHC$EM@K$HYOM$R[LX$n:
                                                                                                                                                                                                          • API String ID: 1226965381-3806352440
                                                                                                                                                                                                          • Opcode ID: 602a0f1ab88518ec5c84024ba034b4de910d30f9978c8e9673624898b6431feb
                                                                                                                                                                                                          • Instruction ID: 4921229747fa40d944dbee9a1585a6faec12f97c9a67106aed28aa0a334b87a8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 602a0f1ab88518ec5c84024ba034b4de910d30f9978c8e9673624898b6431feb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9382F570D102488FDF18EF68C8957ADBBF5BF15304F1482ACE445AB292DB74AA85CB91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B6C050 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 262COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: \*.*
                                                                                                                                                                                                          • API String ID: 0-1173974218
                                                                                                                                                                                                          • Opcode ID: f815e034aa44096d2a5c277d05d7bf38488d3fcc1a34009a9c93fa2cedc3f381
                                                                                                                                                                                                          • Instruction ID: 1ce7014c3c615f60e59a0f2b360b7d256d39b642e68b9452a193e7204e25f7af
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f815e034aa44096d2a5c277d05d7bf38488d3fcc1a34009a9c93fa2cedc3f381
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0691D2319002089BDB14DFA8C959BFDBBF5FF05304F2046A9E455B7282DB75AE84CBA0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00C3A930 Relevance: 9.2, Strings: 7, Instructions: 490COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: BINARY$MATCH$NOCASE$RTRIM$automatic extension loading failed: %s$no such vfs: %s$sqlite_rename_table
                                                                                                                                                                                                          • API String ID: 0-1885142750
                                                                                                                                                                                                          • Opcode ID: 3ea58800ac3537f6132818b6913ecfbb9a76a3d17b21cf673415c6b548a46223
                                                                                                                                                                                                          • Instruction ID: b61343a6dc50a5138b07b0d602e6406c8c9e738c2e4a02d17cb8f4cb4a9252b1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ea58800ac3537f6132818b6913ecfbb9a76a3d17b21cf673415c6b548a46223
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 520247B1B207409FEB209F25DC49B6F77E4AF44704F04442DE49A9B691E7B5EA60CB82
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00BB3350 Relevance: 6.6, Strings: 5, Instructions: 334COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                          • String ID: BI^$DGFA$F]]EMEAB$KGNCE_$OAZ^D^T
                                                                                                                                                                                                          • API String ID: 118556049-3591372289
                                                                                                                                                                                                          • Opcode ID: c4fcaf6ecc772a9353dbfe96ba24ca357b557e9604c0ce14e733ef12a31a1398
                                                                                                                                                                                                          • Instruction ID: 42a4370ab60457411f42896619e139b627cca3f25da70f577e062656f57bdded
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4fcaf6ecc772a9353dbfe96ba24ca357b557e9604c0ce14e733ef12a31a1398
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DE19D71D042889FDF05DBA8C889BDEBBF5AF59300F5480DDE449A7352DB34AA48CB91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B90890 Relevance: 2.1, APIs: 1, Instructions: 554COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00B6B8E0: __fread_nolock.LIBCMT ref: 00B6B9CF
                                                                                                                                                                                                          • std::locale::_Init.LIBCPMT ref: 00B9097E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Init__fread_nolockstd::locale::_
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 221842284-0
                                                                                                                                                                                                          • Opcode ID: 4633512a8802d8fda6bb5c8c0e24baafb966ad9a314efc012b2aff6bc1abbe14
                                                                                                                                                                                                          • Instruction ID: dc5c58f655f82a10ffe3dcf9ba2063f491790b7da26d10f303bf1e269cb0f1d9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4633512a8802d8fda6bb5c8c0e24baafb966ad9a314efc012b2aff6bc1abbe14
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3622D371D102488FDF18EF68CC897ADBBF5AF45304F1482DCE449AB292D774AA85CB91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00C3B4E5 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindFirstFileExW.KERNEL32(000000FF,00000001,?,00000000,00000000,00000000,?,?,?,00BD2DBA,?,?), ref: 00C3B500
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileFindFirst
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1974802433-0
                                                                                                                                                                                                          • Opcode ID: cde9827f7b817e3d777d06390d51ad90cae8a083108940f78e1c28a3bd63e5eb
                                                                                                                                                                                                          • Instruction ID: f07886ab781d59891c71da89f146bae8d1b003b2a63f1d3e8fe02f133917da9a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: cde9827f7b817e3d777d06390d51ad90cae8a083108940f78e1c28a3bd63e5eb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99E08672121104BEDF106FB58C08CBB779DDF05720F100925BE68D2050D6329D115BA4
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460E39 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 0ab6f1678a7845f8826fd5e60e12164adeea7fcdf851098b7669a7ea0eb79982
                                                                                                                                                                                                          • Instruction ID: c738e382cd23ca60ebb195db54ea876c9d8ca69cfe6c845f3dae9058106dc7ae
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ab6f1678a7845f8826fd5e60e12164adeea7fcdf851098b7669a7ea0eb79982
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8F02BFA40C236ECD606D081931C7FB5B2BA6DA33073148A3F40FA104491E48F874137
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00BCC5A0 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 519COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ___std_exception_destroy.LIBVCRUNTIME ref: 00BCC806
                                                                                                                                                                                                          • ___std_exception_destroy.LIBVCRUNTIME ref: 00BCC81F
                                                                                                                                                                                                          • ___std_exception_destroy.LIBVCRUNTIME ref: 00BCCB77
                                                                                                                                                                                                          • ___std_exception_destroy.LIBVCRUNTIME ref: 00BCCB90
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ___std_exception_destroy
                                                                                                                                                                                                          • String ID: value
                                                                                                                                                                                                          • API String ID: 4194217158-494360628
                                                                                                                                                                                                          • Opcode ID: 3083ca01fa4983e40bd55796dfe1338f5860a8cd46ed6730557a54323d772fa6
                                                                                                                                                                                                          • Instruction ID: 4bcf0a8e88b9715bbfbf5902ccd52d4dbcedbf287ee3208fb83ccea2d051b6de
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3083ca01fa4983e40bd55796dfe1338f5860a8cd46ed6730557a54323d772fa6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62229170D002588FDB18CBA4C894BEEFBF5AF59300F14829DE459A7782DB746A85CF61
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B7DBB0 Relevance: 6.1, APIs: 4, Instructions: 99networkCOMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • WSAStartup.WS2_32(00000202,?,?,?), ref: 00B7DBDB
                                                                                                                                                                                                          • socket.WS2_32(?,?,?,?,?,?), ref: 00B7DC7E
                                                                                                                                                                                                          • connect.WS2_32(00000000,?,?,?,?,?), ref: 00B7DC91
                                                                                                                                                                                                          • closesocket.WS2_32(00000000), ref: 00B7DC9D
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Startupclosesocketconnectsocket
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3098855095-0
                                                                                                                                                                                                          • Opcode ID: 3de6ad527665135253411a1114b4dd450b2095fc2da0a20f634242a560ce30ae
                                                                                                                                                                                                          • Instruction ID: 372d6180902d07e3872662e752051e8ff05c068808cc77edf6630c511d08e974
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3de6ad527665135253411a1114b4dd450b2095fc2da0a20f634242a560ce30ae
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3331B3726053016BD7219B388C84B6BB7F5FF8A374F048F59F9B8922D0E77198448692
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B6B8E0 Relevance: 4.9, APIs: 3, Instructions: 443COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __fread_nolock
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2638373210-0
                                                                                                                                                                                                          • Opcode ID: 81626c0b36738970548de28880bed78a528f851b4678c62f040944f78aa8ad09
                                                                                                                                                                                                          • Instruction ID: 0ec127cf8f8582f235168693e57b86c49ca46df920f3bc0f6d6aa62ac3898ff8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 81626c0b36738970548de28880bed78a528f851b4678c62f040944f78aa8ad09
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5D11671A00204ABDB18DF68CD86FAF77F9EF45700F14066DF405DB682DBB89A818791
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00C521C3 Relevance: 3.3, APIs: 2, Instructions: 297COMMONLIBRARYCODE
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f05e472d9454457e8ed7c01046d1ba8e0ec6cd4145225d5923a2cf8bd417f378
                                                                                                                                                                                                          • Instruction ID: 9bccbdce3d9760226d90fc779e8cd7799cafc994074cab8e88babd8cb90ade72
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f05e472d9454457e8ed7c01046d1ba8e0ec6cd4145225d5923a2cf8bd417f378
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32B13678E00245AFDB15DF98C881BBD7BF1BF4A311F144159EC109B292CB709E8ADB69
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B74970 Relevance: 3.1, APIs: 2, Instructions: 127COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Mtx_unlock
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1418687624-0
                                                                                                                                                                                                          • Opcode ID: 6acd175814655f331ac4a6586317791b5222f8f81033530fef038aed9dc3e738
                                                                                                                                                                                                          • Instruction ID: b4806fb0b778b46605d57826574cd65b4dbd09b5666600b3387ea85840a6c2fd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6acd175814655f331ac4a6586317791b5222f8f81033530fef038aed9dc3e738
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7310672A002108BCB18EF68DCC976EB7A2EB84305F08817DE9069B396D736ED55C795
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B6C010 Relevance: 3.0, APIs: 2, Instructions: 31COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(?,00000000,00000000,?,787C6B7B), ref: 00B6C026
                                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 00B6C033
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateDirectoryMtx_unlock
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3577089425-0
                                                                                                                                                                                                          • Opcode ID: 367ff388802fdc71348866b7cdd599c7836995de4ddf9009e16133e7a8b546fb
                                                                                                                                                                                                          • Instruction ID: eaf2a42f2d5948045d800eb5c46cebaa656e59e505a5b182bb7caaffc17cf7d8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 367ff388802fdc71348866b7cdd599c7836995de4ddf9009e16133e7a8b546fb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93D0C9E2E51620669D7833B52C4F9FF244C4A217A0F0545B2FD09A7292FA59DD4452D2
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00C55309 Relevance: 3.0, APIs: 2, Instructions: 19fileCOMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,00C46991,?), ref: 00C55311
                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00C55322
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DeleteFile__dosmaperr
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1911827773-0
                                                                                                                                                                                                          • Opcode ID: 141844b9eb631e737544662f17971608a2aa233976f09c30e3874af945d56474
                                                                                                                                                                                                          • Instruction ID: fdffe018629848a790ec41c1665550e4d27e4b970122733ed40372d086f42295
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 141844b9eb631e737544662f17971608a2aa233976f09c30e3874af945d56474
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CED01232596608294A2475F66C0C496374D4BC17767601A1ABC3C85590EE62C9555051
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05480007 Relevance: 1.8, APIs: 1, Instructions: 313COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: d4b1898e1f6a302184f8627601493405784cec58c23df587c06fcaa81a82924f
                                                                                                                                                                                                          • Instruction ID: 4dd4e7548281aaf0b1418d8cda0cdfe6955869fa46ac06bdf0e4db70c5f6939d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4b1898e1f6a302184f8627601493405784cec58c23df587c06fcaa81a82924f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4651D2E72AC211BEA252E4952B5C9FE676FE6C3730730842BB80FC6642E2D55A4F5131
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05480000 Relevance: 1.8, APIs: 1, Instructions: 310COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 89c015a037e90ffec36fed8554b6d4e9344767db68241eb301ad8fae72097e2c
                                                                                                                                                                                                          • Instruction ID: cb899862b1bff5b7b86d63d2d420dd7efb8b77bdf29a60d717dd0ed2d55b0377
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 89c015a037e90ffec36fed8554b6d4e9344767db68241eb301ad8fae72097e2c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0151D3E72AC211BEB252E4852B5C9FE666FE6C3730730842BB80FC6642E2D45A4F5171
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 0553075E Relevance: 1.8, APIs: 1, Instructions: 308COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: bef5c9319f99532b0c637e45de55bb972ada52c4ab1d8ec528715af52c756cfd
                                                                                                                                                                                                          • Instruction ID: ae335a7e522d90860592437b112f682947e42826f0c4c338d2ffb3027fc103ee
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bef5c9319f99532b0c637e45de55bb972ada52c4ab1d8ec528715af52c756cfd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 555103EB54D311ADF311C1856B6EAFB676FF2D67303308C26B40FC6AA1E2844A4941F1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05480018 Relevance: 1.8, APIs: 1, Instructions: 307COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 8ee353ac8ee232bcafdb01e35b773e73bc6150be5e151b515dd12b4dd7dea329
                                                                                                                                                                                                          • Instruction ID: a123767644724ae640866594e5ae4abfb059f48868cea9487acf92439aa63c9c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ee353ac8ee232bcafdb01e35b773e73bc6150be5e151b515dd12b4dd7dea329
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FA51D3E726C211BEA252E4952B5C9FE666FE6C3730730842BF80FC6642E2D45A4F5131
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 0548002C Relevance: 1.8, APIs: 1, Instructions: 307COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: b640f0ab0387991762e6ec5b3185c2a9963502c64a09644605d361c0f330d16c
                                                                                                                                                                                                          • Instruction ID: 3cc68785bd6442ba3eed13f0391d7a217119edbc4676ab993611ae4149945e83
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b640f0ab0387991762e6ec5b3185c2a9963502c64a09644605d361c0f330d16c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2F51C4E71AC221BEA252E4952B5C9FE666FE6C3730730843BB80FC6642E2D55A4F5131
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 055306C3 Relevance: 1.8, APIs: 1, Instructions: 307COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: 88dcb825f8a3c7d087fca24263469b61fb996b47fde85b69806e45e8e46b3413
                                                                                                                                                                                                          • Instruction ID: 73a8209ee08e2b2b6f3702bdf8ed268c3f142dadad1e9dfc98f3b31f17ab184e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 88dcb825f8a3c7d087fca24263469b61fb996b47fde85b69806e45e8e46b3413
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F51E2EB14D310BDF342D1856B6EAFB676FF6D63307308826B40FC6AA1E2944E4941B1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 055306E1 Relevance: 1.8, APIs: 1, Instructions: 300COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: 636c7a6aab24bcc21d0cd04987efea20fae2d571af8f30424dfd54b4d8e842b4
                                                                                                                                                                                                          • Instruction ID: c91fbce81669e4a24278664a8a85f101a729c06c1e95044231c5534dd965653a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 636c7a6aab24bcc21d0cd04987efea20fae2d571af8f30424dfd54b4d8e842b4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A51E2EB14D314BDF342D1856B6EAFB676FF6D67307308826B40FC2AA1E2944E4941B1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05530791 Relevance: 1.8, APIs: 1, Instructions: 300COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ff08e8935d5af59a54d21633846e18398eb4ab8ca00ebb002166ebcbc1e91cfc
                                                                                                                                                                                                          • Instruction ID: f5cd0d2e2d38f589e165805bfea92011addf8e4d381144a7417117b824a168cd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff08e8935d5af59a54d21633846e18398eb4ab8ca00ebb002166ebcbc1e91cfc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE51E3A754D311BDF342D1916B6EAFB676FF6D6330330882BF40BC69A1E2844A4941B1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 0548003F Relevance: 1.8, APIs: 1, Instructions: 299COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 81ce918872f4febbca2ccffd8dbac0df6a99b6144193a00b6c60aeb99f620207
                                                                                                                                                                                                          • Instruction ID: 77326794e9dc1c7f574b721efbf37fa43c0055ac2e5667d1a7386f3d8b6b6f1e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 81ce918872f4febbca2ccffd8dbac0df6a99b6144193a00b6c60aeb99f620207
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C251D4E72AC211BEB252E4952B5C9FE666FE6C3730730842BF80FC6642E2D45A4F1131
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 055306EF Relevance: 1.8, APIs: 1, Instructions: 297COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: 7e70bea39a4684d5a0da9ab813d33900f5ef1c690ecfd22150c7193e16be4bcd
                                                                                                                                                                                                          • Instruction ID: 09e74e9247cf12a9df93832b5fe4cace0827f0fcb6b7a6a1f5d5115b16555a5e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e70bea39a4684d5a0da9ab813d33900f5ef1c690ecfd22150c7193e16be4bcd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A51E3EB14D314BDF352D1856B6EAFB676FF6D67307308826B40FC2AA1E2844E4941B1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 055306FD Relevance: 1.8, APIs: 1, Instructions: 296COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: 63433f303495159bd149949186c207227bf8da8d7846aa182cee7a36587d84ac
                                                                                                                                                                                                          • Instruction ID: b0e5081b36248e62ae9df1c4c392238dee35a580d861973d3f21ab3ecaa0dc6c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63433f303495159bd149949186c207227bf8da8d7846aa182cee7a36587d84ac
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8951F3E714D314BDF351D1816B6EAFB676FF6D6330730882AB40FC2AA1E2944E4941B1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 0548005A Relevance: 1.8, APIs: 1, Instructions: 295COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7e25614d806ce5497541f05a7f844eab926bd7599b13a6639803efcff4b8c894
                                                                                                                                                                                                          • Instruction ID: 9d1346b51fb5c013c90856176695be7c35bc998d10aff21e87b02699feaa84a4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e25614d806ce5497541f05a7f844eab926bd7599b13a6639803efcff4b8c894
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0351C3E72AC211BEB256E4952B1C9FE666FE6C3730730842BF80FC6642E2D45A4F1171
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05530733 Relevance: 1.8, APIs: 1, Instructions: 295COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: 0dad3b050a44b6357103ae65bf46a84d749c4af639ea1dfac09340ea09dba906
                                                                                                                                                                                                          • Instruction ID: e501e5185df876ecb5b65160c52becb1add16a5ee6705104a0d5511be8b496a8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0dad3b050a44b6357103ae65bf46a84d749c4af639ea1dfac09340ea09dba906
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA5116E754D310BDF342C1816B6EAFB676FF6D6330330882AF40FC25A1E2840A4941B1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 0548008F Relevance: 1.8, APIs: 1, Instructions: 293COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: db77e55fa750b266cd40a526c57b8263dcde2d86c8a34c6eb0fab1b2f564ec41
                                                                                                                                                                                                          • Instruction ID: 21c7ce9ecd86a215a27e5bb5a6fbcae657b7b6bb1a1b584ac197d61a579c8f59
                                                                                                                                                                                                          • Opcode Fuzzy Hash: db77e55fa750b266cd40a526c57b8263dcde2d86c8a34c6eb0fab1b2f564ec41
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D51D0E72AC211BEA246E5856B5C9FE676FE6C3730730842BF80BC6642E2D45A4F1171
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05480069 Relevance: 1.8, APIs: 1, Instructions: 291COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: d16b3c87dde942b4f30e18c380407c361bad765fa208a54d8cdc5f8454110cc9
                                                                                                                                                                                                          • Instruction ID: 8722dd5262baa2387fdd881ace9b52130a488a8fb1566ba93364f9d5edf52119
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d16b3c87dde942b4f30e18c380407c361bad765fa208a54d8cdc5f8454110cc9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B51C4E72AC211BEB256E4852B1C9FE666FE6C3730730842BF80FC6642E2D45A4F1171
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 054800B6 Relevance: 1.8, APIs: 1, Instructions: 280COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 053a2991e5404713a64185343330e278f4b6b79829b74063646b71d2f7db837c
                                                                                                                                                                                                          • Instruction ID: 6ef2b9337e3a9e6640c388e94a67d9d948196b5903cf4bde69699a89138ac90c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 053a2991e5404713a64185343330e278f4b6b79829b74063646b71d2f7db837c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B251B1E72AC211BEB256E5852B5C9FE676FE6C3730730842BF80BC6642E2D45A4F1131
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 055307A4 Relevance: 1.8, APIs: 1, Instructions: 278COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: 53ee032000e9abd86bec87799eddf541941f6c7edf05c582e71f3d8a76f8562f
                                                                                                                                                                                                          • Instruction ID: 32968c1cff68cce51b6c3d1ac8eb21abbcdd416eefa6b6e160755d22d3be7704
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 53ee032000e9abd86bec87799eddf541941f6c7edf05c582e71f3d8a76f8562f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B05103EB14D315BDF312D1856B6AAFB576FF2D67303308826B40FC2AA1E2844E8941B0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 054800D1 Relevance: 1.8, APIs: 1, Instructions: 271COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e64f3fde287032e4224055b7923d1aa510807a1aa15318835ffbf634d47d0587
                                                                                                                                                                                                          • Instruction ID: 059a81415915208822f264af16e5d0caeb326ced947f6d5b6fc7d323454d3a3f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e64f3fde287032e4224055b7923d1aa510807a1aa15318835ffbf634d47d0587
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D151C2E72AC211BEB256E5852B1C9FE676FE6C3730730842BF80BC6642E2D45A4F1131
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 054800EF Relevance: 1.8, APIs: 1, Instructions: 266COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ce83d08c3200191aedec60ac32f2c5902f148950735281a46343b2d8f5714fa1
                                                                                                                                                                                                          • Instruction ID: 20fca9ad2edd9680b7bf33928151bee58c52520753fbf8f77c53018807281a1a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce83d08c3200191aedec60ac32f2c5902f148950735281a46343b2d8f5714fa1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A51B1E72AC211BEB246E5856B5C9FE676FE6C3730330842BF80BC6642E2D45A4F1171
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 0548010A Relevance: 1.8, APIs: 1, Instructions: 262COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 4bf7d55fd4ba69b741e58981d16f92f44867ae635b935dc9c1f1b4ea8ad19aea
                                                                                                                                                                                                          • Instruction ID: 3d0ab27ed7813846c81533774e61c694b5ebb5be124cfe09764e8efd400ddd25
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4bf7d55fd4ba69b741e58981d16f92f44867ae635b935dc9c1f1b4ea8ad19aea
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C5191E72AC211BEB246E5852B5C9FE676FE6C3730330842BF80BC6642E2D45A4F1171
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 055307C9 Relevance: 1.8, APIs: 1, Instructions: 262COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: 703b711eb23c09c112589f3ba279fbc8d9b3e6aafed2c66d1934f403abd95ad3
                                                                                                                                                                                                          • Instruction ID: 8862a1c1163a05e241c9a4039a9693045aa3700530f58eec29168831bfc0f88c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 703b711eb23c09c112589f3ba279fbc8d9b3e6aafed2c66d1934f403abd95ad3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 515104EB54D311BDF312C1856B6AAFB576FF6D67303308826B40FC6AA2E2844E4941B0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 055307FF Relevance: 1.8, APIs: 1, Instructions: 261COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: daedafc15868ba69cffd36391c9c080a31d3f1dc2249d8ccd22b8393e9dbaa92
                                                                                                                                                                                                          • Instruction ID: 1b8a0a12aca9d7fc8bc979273014c028e02a7ffe9519234f9c1f029591c4c715
                                                                                                                                                                                                          • Opcode Fuzzy Hash: daedafc15868ba69cffd36391c9c080a31d3f1dc2249d8ccd22b8393e9dbaa92
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 115116F754D315BDF352D1856B6AAFB636FF6D2330730882AB40FC29A1E2844E4941B0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 0548011B Relevance: 1.8, APIs: 1, Instructions: 257COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: cac6c98fbf7ca61fde5885590f694d81e89cf8c55191fae3660a3edd40c8dc4c
                                                                                                                                                                                                          • Instruction ID: 33aecbad6d420171d8993008bb5143a475b22381d39377c39e778f7605ca5606
                                                                                                                                                                                                          • Opcode Fuzzy Hash: cac6c98fbf7ca61fde5885590f694d81e89cf8c55191fae3660a3edd40c8dc4c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2751B1E72AC211BEB256E5852B5C9FE676FE6C3730330842BF80BC6642E2D45A4F5131
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 055307E5 Relevance: 1.8, APIs: 1, Instructions: 254COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: 4542d0ce98884eea67a88e891e2b9fa60e8f5c12f060e71d3d4c8b274e8465c4
                                                                                                                                                                                                          • Instruction ID: 4e3e2fc1c4aa1e4c6670e20ddf0a6459af281d18ae652aefdcd0a8b77d52b45b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4542d0ce98884eea67a88e891e2b9fa60e8f5c12f060e71d3d4c8b274e8465c4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B75126EB54D315BDF312D1856B6AAFB636FF6D67307308826B40FC2AA1E2844E4941F0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05480137 Relevance: 1.7, APIs: 1, Instructions: 249COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6ef9898273fbff86613c32f1729a4878c8314d3caddd2c064de88766a419b9b7
                                                                                                                                                                                                          • Instruction ID: e5c45a8edba494978e39674bd78da7733ef5a7dca848285df54c589445987baa
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ef9898273fbff86613c32f1729a4878c8314d3caddd2c064de88766a419b9b7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E851C2E72AC211BEB256E5852B5C9FE676FE6C3730330842BF80BC6642E2D45A4F1171
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05530821 Relevance: 1.7, APIs: 1, Instructions: 244COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 51072aae92cdda3cde4774d5128d61e16bc711f4acc50e14daf1e829c31050a0
                                                                                                                                                                                                          • Instruction ID: d447b2500dbcd5b0377f6241f620433f2912431e553836e6d87ce385df9cfded
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 51072aae92cdda3cde4774d5128d61e16bc711f4acc50e14daf1e829c31050a0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F141F5EB10D325BDF312D1816B6AAFB536FF2D67303308826B40FC2AA1E2844E4941F1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05530829 Relevance: 1.7, APIs: 1, Instructions: 241COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: 5bd596398aeb93e5f0585c04b815b604e8954e06dbfb3c512f22ff9fe9169d37
                                                                                                                                                                                                          • Instruction ID: 96c7378fee669013779b0a7418511b766e993e0dc59879071863f26be175fa32
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5bd596398aeb93e5f0585c04b815b604e8954e06dbfb3c512f22ff9fe9169d37
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA41F6EB10D325BDF352D1856B6AAFB536FF6D67303308827B40FC2AA1E2844E4941B1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 0553084E Relevance: 1.7, APIs: 1, Instructions: 231COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: 9ea2a89c56a0ded1241a6cb1d073041a6cd484af4a841ee807cd029e4fe179a2
                                                                                                                                                                                                          • Instruction ID: 2df70c8d1e1b034ae8e7c4ffe6e1e154d5cb5505790d75cdbc5c2cfb7f4f4bcc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ea2a89c56a0ded1241a6cb1d073041a6cd484af4a841ee807cd029e4fe179a2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7141F4E750D315BDF352D1856B6AAFB536FF6D67307308C26B40FC2AA1E2844A8941F1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 054801A3 Relevance: 1.7, APIs: 1, Instructions: 224COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 3b31bace1c7709ed24b8deaf0f96a1929bdab6e0d248b9c06246675b4fc2bf58
                                                                                                                                                                                                          • Instruction ID: c939069cfeea31652d55fdd90419f3e657fa5d4eeca23d0fed89fdb6bf20b4e9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b31bace1c7709ed24b8deaf0f96a1929bdab6e0d248b9c06246675b4fc2bf58
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E341F7A72AC211BEA216F5855B5C4FE676BE6C3730730843BF80BC6602E2D45A4F5131
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05530865 Relevance: 1.7, APIs: 1, Instructions: 221COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: 8ae715c3931501390719cdb6130e6cec55f7820cc00e226295903439adfaffe1
                                                                                                                                                                                                          • Instruction ID: 61428579908029a7a729ee4fdb9b1800bc368e898eb62b9bf7254c1f40197397
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ae715c3931501390719cdb6130e6cec55f7820cc00e226295903439adfaffe1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 164107E750D325BDF352D1956B6AAFB576FF6D63303308826B80FC66A1E2844E4941F0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05530892 Relevance: 1.7, APIs: 1, Instructions: 220COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: bef16bb5e1965a76a9e39839fc50c32973e226f76a4e97c16570c53c2639ced2
                                                                                                                                                                                                          • Instruction ID: 345bfd7057128d02643a3ab43ffa6292036c7f63c09b781531a71e10886f2eec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bef16bb5e1965a76a9e39839fc50c32973e226f76a4e97c16570c53c2639ced2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A241F3EB50D325ADF351D1856B6AAFB636FF6D63303308867B40FC6AA1E2844E4941B0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 0553087F Relevance: 1.7, APIs: 1, Instructions: 219COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: 194118c646fad6676313617071c829804bce0e698cf5800b793f11a392524911
                                                                                                                                                                                                          • Instruction ID: 22f935343013a48d76b6ead5970ff4920d0f569e3b4f4bf0700a2bab9734ff4b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 194118c646fad6676313617071c829804bce0e698cf5800b793f11a392524911
                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED4106EB54D315BDF311D1856B6AAFB536FF6D67303308827B40FC26A1E2844E4941B1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05480198 Relevance: 1.7, APIs: 1, Instructions: 212COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f694e3efb489410bf9cfd1deab691dfc48fe7a64a972e7f351c9a9a21acc00a2
                                                                                                                                                                                                          • Instruction ID: 7bb516815d5a0bbdc0a8e17eafb4201b972a6c7dab9e340f6fce6ddb4d6c964d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f694e3efb489410bf9cfd1deab691dfc48fe7a64a972e7f351c9a9a21acc00a2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6041D4E71AC211BEA256F5852B5C9FE666FE6C3730730843BB80BC6642E2D45A4F1131
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 054801C0 Relevance: 1.7, APIs: 1, Instructions: 211COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6d600d1ed8c3c3a571fbfda5c61e8283b7dc8e2817843038cfde3f190adff27c
                                                                                                                                                                                                          • Instruction ID: c8e3db48b2b3a8ecbb5f4ea4ef8c953c3e6fb71e2bac5033977453f48389e6e4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d600d1ed8c3c3a571fbfda5c61e8283b7dc8e2817843038cfde3f190adff27c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F41F3A62AC211BEA246E1852B5C9FE676FE6C3730730843BF80BC6642E2D45A4F1131
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 054801EC Relevance: 1.7, APIs: 1, Instructions: 211COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 0473d0f996872987d47528d49fedc6909ebffd743fd44a6251ca291c8995b631
                                                                                                                                                                                                          • Instruction ID: 17a748fbd812b7ae4ed975e21537847157c06d235f09f6c80771b2b897f088af
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0473d0f996872987d47528d49fedc6909ebffd743fd44a6251ca291c8995b631
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F64116A72AC211BEA216F5952B5C9FE676FE6C3730730843BF80BC6642E2D45A4F5131
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 0548022E Relevance: 1.7, APIs: 1, Instructions: 207COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 57f8197782a34f5633db2ba2d98065cbcaf7550aa9ac1fa098c2645bff3a71c4
                                                                                                                                                                                                          • Instruction ID: d83d6d83d89da0625674bcdb6d4f140e94ec4f946e7438eb3a49a644a70c0762
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 57f8197782a34f5633db2ba2d98065cbcaf7550aa9ac1fa098c2645bff3a71c4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6341D3A72AC211BEB256E5852B5C9FE666FE6C3730730843BB80BC6642E2D45E4F1131
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 055308FF Relevance: 1.7, APIs: 1, Instructions: 205COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: f9adf199bb5b3314c0c77ade6661266bd59afd63f747eeec437dd5430f0def21
                                                                                                                                                                                                          • Instruction ID: 4d16a741b91c74e8a6ab4221cdafea95003513213cad486bed08932d23fa87eb
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9adf199bb5b3314c0c77ade6661266bd59afd63f747eeec437dd5430f0def21
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B41F5EB54D325BDF351D1956B6AAFB536FF2D63303308826B40FC6AA2E2844E4941B0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05480201 Relevance: 1.7, APIs: 1, Instructions: 203COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 436265ba41aff688423ca4dc9f8cd2e3742355cad77d18fa88dc591307ef1d2c
                                                                                                                                                                                                          • Instruction ID: 55d266028d3df4a253a5ce953772ae1553ba651f2e18ffa3d6f8ab200d18d075
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 436265ba41aff688423ca4dc9f8cd2e3742355cad77d18fa88dc591307ef1d2c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C941E5A62AC2117EA256F1952B5C9FE676FE6C3730730843BF80BC6602E2D45E4F1131
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 054801DE Relevance: 1.7, APIs: 1, Instructions: 201COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: fd047d9f2311ec9656d484f2ac1211819e3b515e8b9915b6d90aafa95ed4fdce
                                                                                                                                                                                                          • Instruction ID: 4c69d1a3dd3bb65d601400ff7a8015da17338eb0bbc2b590310f01b72d6ce5fe
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd047d9f2311ec9656d484f2ac1211819e3b515e8b9915b6d90aafa95ed4fdce
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9441E5A72AC211BEA256E5952B5C9FE676FE6C3730730843BF80BC6642E2D45E4F1131
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 055308C0 Relevance: 1.7, APIs: 1, Instructions: 201COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: ccbbb740e7fbc3b1d6a48489d2675f2c3b8d5dd747ce294232b143badf60d286
                                                                                                                                                                                                          • Instruction ID: 6e669c13a0a4216dc5521febed82080d1a23a8da304d7c41709521a9a46c69da
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ccbbb740e7fbc3b1d6a48489d2675f2c3b8d5dd747ce294232b143badf60d286
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB41E4EB54D315BDF351D1856B6AAFB236FF5D63303308826B40FC6AA1F2844E4941B1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00C5303C Relevance: 1.7, APIs: 1, Instructions: 198fileCOMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00C531C1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                                                                                          • Opcode ID: 266c00d2e8aa3970cd6f14b3a73af46de182e4594397c25e364e1c02c2fe2c76
                                                                                                                                                                                                          • Instruction ID: 2f910d6070fc6dcf3a6f43a6a46a6756726afa3772d3c33f8de3098e9a658857
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 266c00d2e8aa3970cd6f14b3a73af46de182e4594397c25e364e1c02c2fe2c76
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2061D475D00159AFDF11CFA8CC84AEEBBB9AF49345F140145EC14AB242D732DB899BA8
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 0548025F Relevance: 1.7, APIs: 1, Instructions: 193COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 5f3d10bc3fca4bd5f2ef6a1e27c0783fe21b42b42725b511da0019aa901f1205
                                                                                                                                                                                                          • Instruction ID: 27267492ff94b11a071fb9fc6eccbdf2455ec61ea8efadbc6ea171ff0615f3a0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f3d10bc3fca4bd5f2ef6a1e27c0783fe21b42b42725b511da0019aa901f1205
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C41D3A62AC221BEA246E5856B5C9FE666BE6C3730730843BF40BC6642E2D45E4F5031
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05480243 Relevance: 1.7, APIs: 1, Instructions: 188COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Process32NextW.KERNEL32(?,?,?,?), ref: 05480437
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NextProcess32
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1850201408-0
                                                                                                                                                                                                          • Opcode ID: 51baecd100a7c942e4fb304209dca55ad95e66794820e0e87c74fdc0949a1c29
                                                                                                                                                                                                          • Instruction ID: 9a415e95d28cfd9f4f01a556dddaa1c111633a215c35e4e53bf6766934c580fe
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 51baecd100a7c942e4fb304209dca55ad95e66794820e0e87c74fdc0949a1c29
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D41F4E62AC211BEB256E5812B5C9FE676FE6C3730730843BF80BD6642E2D41A4F5130
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05480223 Relevance: 1.7, APIs: 1, Instructions: 186COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Process32NextW.KERNEL32(?,?,?,?), ref: 05480437
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NextProcess32
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1850201408-0
                                                                                                                                                                                                          • Opcode ID: c25cd12646677bab974d77b7fe9818e8aecddc8af355f96f4b97d83f46827629
                                                                                                                                                                                                          • Instruction ID: cc8e49588c815dfc68d5d8a6425e83e6f6f7c8a1c4f9bf0bb9f5fc828592c723
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c25cd12646677bab974d77b7fe9818e8aecddc8af355f96f4b97d83f46827629
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5131A3A72AC211BEB256E5852B5C9FE676FE6C3730730843BF80BC6642E2D45A4E5131
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05480330 Relevance: 1.7, APIs: 1, Instructions: 182COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Process32NextW.KERNEL32(?,?,?,?), ref: 05480437
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NextProcess32
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1850201408-0
                                                                                                                                                                                                          • Opcode ID: 49e8c35306f2bd7c46e86b4426f1ef6d505e8e12e2479dafb44b3352bd141aba
                                                                                                                                                                                                          • Instruction ID: 84492827491f0233b1b95a61c7629e66ef06ac063a34629c991452c2235b3b23
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 49e8c35306f2bd7c46e86b4426f1ef6d505e8e12e2479dafb44b3352bd141aba
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 253123E626C6107FB202E5952B5C9FE2B6FE6C7B30730847BF80BC6202E2945A4F5131
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05480285 Relevance: 1.7, APIs: 1, Instructions: 176COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Process32NextW.KERNEL32(?,?,?,?), ref: 05480437
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NextProcess32
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1850201408-0
                                                                                                                                                                                                          • Opcode ID: 65ec605bd258b671d3739bd46d461ca71826ef4cf113326c1c7b5193099b6db2
                                                                                                                                                                                                          • Instruction ID: 6cf6fc4bf9cdf1b47082bc758293026e8ed67c4d3ecf28c7923c17c3235c30b2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 65ec605bd258b671d3739bd46d461ca71826ef4cf113326c1c7b5193099b6db2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9931B5EB29C2217EB256E5952B5C9FE666FE6C3730734843BF40BC6642E2841A4F6031
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 055308EE Relevance: 1.7, APIs: 1, Instructions: 172COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: 6fb2f00f075f7bc6026f6d9c9f155f6be2a44fc8f52518ef7e35a16a5fb7b0f8
                                                                                                                                                                                                          • Instruction ID: f18bec324ca32494ac8560243284c271e85afa098d2dc1d86d3b9e5a8ce5dab4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6fb2f00f075f7bc6026f6d9c9f155f6be2a44fc8f52518ef7e35a16a5fb7b0f8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD3128E754D315ADF312D1956B6AAFB236FF6973303308866B40FC7AA1F2844E4581B0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 0553091B Relevance: 1.7, APIs: 1, Instructions: 169COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: 57e1c26415c6c878f33e2d5c85c7c4be38ced00617d17e4655dbce9fa306ebb4
                                                                                                                                                                                                          • Instruction ID: 32f75d7a9a54786c58196fcb9da30bb6d9c143c5fc1092d605e31bdb3c8a9bbd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 57e1c26415c6c878f33e2d5c85c7c4be38ced00617d17e4655dbce9fa306ebb4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A53148A754D315AEF312D5956B6AAFB276FF6D33303308866B40FC7AA2E2444A4581B0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 054802DB Relevance: 1.7, APIs: 1, Instructions: 162COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Process32NextW.KERNEL32(?,?,?,?), ref: 05480437
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NextProcess32
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1850201408-0
                                                                                                                                                                                                          • Opcode ID: ff55e38205d74659f9563c556221405ec31bd300040ba6077d412cba88b4ccf1
                                                                                                                                                                                                          • Instruction ID: 806cd69c45e7154cd1144b99efc870bf8f58172f0275d71cf34aeff1ec031012
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff55e38205d74659f9563c556221405ec31bd300040ba6077d412cba88b4ccf1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C3104F629C2117EB212E6916B5C9FE276FE6C3730734843BF80BD6642E2944A4E5130
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 054802C0 Relevance: 1.7, APIs: 1, Instructions: 160COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Process32NextW.KERNEL32(?,?,?,?), ref: 05480437
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NextProcess32
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1850201408-0
                                                                                                                                                                                                          • Opcode ID: 4533f293cf22ffc317d530a2ed436c32d8435eb42123bfff8a5bef3fe770efbb
                                                                                                                                                                                                          • Instruction ID: 40533b80dd6b1a91a39a42fcfb4972e1e02669876b6799191fe29aa156af020c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4533f293cf22ffc317d530a2ed436c32d8435eb42123bfff8a5bef3fe770efbb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F31B4EB2AC1117EB256E5952B5C9FF676FE5D3B30730843BF80BD6602E2945A4E2030
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 054802AE Relevance: 1.7, APIs: 1, Instructions: 159COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Process32NextW.KERNEL32(?,?,?,?), ref: 05480437
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NextProcess32
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1850201408-0
                                                                                                                                                                                                          • Opcode ID: 30920ea78edf8959e1a9750438350f2af53ea6420d5c26ff2e0fd3ab99f73a22
                                                                                                                                                                                                          • Instruction ID: 83599839969e4b23b7642431228ab60fe6ad9bffc51dc53ebcc03ced6a9a6991
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30920ea78edf8959e1a9750438350f2af53ea6420d5c26ff2e0fd3ab99f73a22
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9431C3EB2AC2107EB246E5952B5C9FE676FE6D3730730847BF80BD6602E2941A4F5130
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00C424E2 Relevance: 1.7, APIs: 1, Instructions: 157COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f53b2ac5003b70fbb03ccae74af7e6843a0eb3cc1b668e9536f04c6a9bc0d1d4
                                                                                                                                                                                                          • Instruction ID: 700b0b0ee5f7bc70c535c5a6367efae6940dfcd9b074f73d6a5a40a7ad482fb4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f53b2ac5003b70fbb03ccae74af7e6843a0eb3cc1b668e9536f04c6a9bc0d1d4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B051E170A00208AFDF14CF58C886AEDBBB1FF89364F658159F8599B252D731DE41DB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 054802C9 Relevance: 1.7, APIs: 1, Instructions: 156COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Process32NextW.KERNEL32(?,?,?,?), ref: 05480437
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NextProcess32
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1850201408-0
                                                                                                                                                                                                          • Opcode ID: f5dbd76b447aab1a63dd358a4165a848d3450b4886c7661549887673f6a903ce
                                                                                                                                                                                                          • Instruction ID: 49a1debe802caed95cc52091f0ce2d11f6967798e60d2719b64a35c3a91a39dc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f5dbd76b447aab1a63dd358a4165a848d3450b4886c7661549887673f6a903ce
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B31F7EB2AC1107EB206E5952B5C9FE676FE6D3730730843BF80BC6602E2941A4F1130
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00BC8000 Relevance: 1.6, APIs: 1, Instructions: 150COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • std::locale::_Init.LIBCPMT ref: 00BC8136
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Initstd::locale::_
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1620887387-0
                                                                                                                                                                                                          • Opcode ID: d0c02cbbf5085a6d6b211f71063d52057ceefff655cffb01ec26f619158bf410
                                                                                                                                                                                                          • Instruction ID: ebe54f3c8c6e4606dc2ea1a228e21d4a6c36d7c862c9cae58a41452d9dc9a467
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0c02cbbf5085a6d6b211f71063d52057ceefff655cffb01ec26f619158bf410
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 405198B0600605AFE714DF18C999B5AFBF4FF48714F148269E8098BB81D7BAE954CBD0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05480367 Relevance: 1.6, APIs: 1, Instructions: 149COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Process32NextW.KERNEL32(?,?,?,?), ref: 05480437
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NextProcess32
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1850201408-0
                                                                                                                                                                                                          • Opcode ID: 31b861a9410a5748aa2621daae1ba01c264ee402fb27521cea370d00fc4c6b4d
                                                                                                                                                                                                          • Instruction ID: 19a72e28305fb738524c50c8c84c4f78881ca1d193c56d7d835aaec1a3bd9bfa
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 31b861a9410a5748aa2621daae1ba01c264ee402fb27521cea370d00fc4c6b4d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A31BBEB2AD2117EB256F5952B5C9FF266FE5C3B30730843BF40BD6602E2945A4E1030
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05530961 Relevance: 1.6, APIs: 1, Instructions: 146COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: 370775f96817894758f1d2eb0097d8844f3973eada95733f82a775d74a8b9c02
                                                                                                                                                                                                          • Instruction ID: 704e8002e718a8228675582d973f9b4eba3bbfa86c0aeb4dea753100dd427030
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 370775f96817894758f1d2eb0097d8844f3973eada95733f82a775d74a8b9c02
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB3135B754E311AEF341D1956B6AAFB236FF6D63303308866B40FC7AA1E2944E4581F0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 0553096D Relevance: 1.6, APIs: 1, Instructions: 144COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentHwProfileW.ADVAPI32(?), ref: 0553097A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1863958622.0000000005530000.00000040.00001000.00020000.00000000.sdmp, Offset: 05530000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5530000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentProfile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2104809126-0
                                                                                                                                                                                                          • Opcode ID: 43d68f0dbb6c27dbea884652a55021b80766922638a830b7c572053372fc996f
                                                                                                                                                                                                          • Instruction ID: d4c23420b267d1901f7c41218c08b9aa4d13c9abc398116fe440bfb5b9ebcb06
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 43d68f0dbb6c27dbea884652a55021b80766922638a830b7c572053372fc996f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD3104B750D311ADF352D6956B6AAFB236FF6D63303308826B40FC7AA1E6544E4581B0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00BCBAE0 Relevance: 1.6, APIs: 1, Instructions: 135COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00BCBC31
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 118556049-0
                                                                                                                                                                                                          • Opcode ID: a066790560222885594433cb6b58c602ee2503f39489121afce0eb0891945226
                                                                                                                                                                                                          • Instruction ID: f144bac0abb4fcd866cc23b97a9894358233f4a6a286fe41330eda000012b1ed
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a066790560222885594433cb6b58c602ee2503f39489121afce0eb0891945226
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4841E272A001189BCB15DF28D881FAEB7E5EF48310F1406ADE815EB246D731EE219BE1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05480395 Relevance: 1.6, APIs: 1, Instructions: 130COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Process32NextW.KERNEL32(?,?,?,?), ref: 05480437
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NextProcess32
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1850201408-0
                                                                                                                                                                                                          • Opcode ID: 6e8f3ee8c12b70938dc56c699895e3608610649826446aede9c25704a301767a
                                                                                                                                                                                                          • Instruction ID: 5900086d2ab00823f948cabc2cb4a39940bbc1ce5d734f494c4fb8cfb2a37382
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e8f3ee8c12b70938dc56c699895e3608610649826446aede9c25704a301767a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6621E5EA2AD2217FA216F591175C8FF266BE5D3B30334843BF44BD6606E2845A4E2071
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B62A50 Relevance: 1.6, APIs: 1, Instructions: 125COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00B62B87
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 118556049-0
                                                                                                                                                                                                          • Opcode ID: 303e60e95bbcad53e281fa607087d8aa6c5b58bbc7119de9b5875950056220bc
                                                                                                                                                                                                          • Instruction ID: 15a9b9af55acb0eda52187146db493ad8b39ca6cde791f2fa558fcfef365ae10
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 303e60e95bbcad53e281fa607087d8aa6c5b58bbc7119de9b5875950056220bc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1413872B004019FD718DF7CCCC596DB7E9EF84310B1886A8E819CB385EA74ED0187A0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00B62910 Relevance: 1.6, APIs: 1, Instructions: 123COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00B62A42
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 118556049-0
                                                                                                                                                                                                          • Opcode ID: a020844c8c3bcbe0bc194d92afa7114a595efdf41ae04529492ef66cf7cadfa9
                                                                                                                                                                                                          • Instruction ID: 15fb90027505c7922647d6371f62251f00ef5d480c87f57d68393726d4448404
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a020844c8c3bcbe0bc194d92afa7114a595efdf41ae04529492ef66cf7cadfa9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D413672A006049BEB19DF68C8806AEBBE5EBD4350F1846F9E818DB382D635ED11C7D1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05480383 Relevance: 1.6, APIs: 1, Instructions: 112COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Process32NextW.KERNEL32(?,?,?,?), ref: 05480437
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NextProcess32
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1850201408-0
                                                                                                                                                                                                          • Opcode ID: f86f847ebb48bc9b80a4fa2c24e119abaea37aec13e1d46a9b7a3e01c6ad9bc1
                                                                                                                                                                                                          • Instruction ID: f6138f705f4910511604b1ffd9395f0515631b361ec448c3560bd16b6ea68e70
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f86f847ebb48bc9b80a4fa2c24e119abaea37aec13e1d46a9b7a3e01c6ad9bc1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A621C9EA2AD2117EB256E591275C8FF276BE5C3B30334C43BF84BD6606E294594E6130
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 054803BA Relevance: 1.6, APIs: 1, Instructions: 106COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Process32NextW.KERNEL32(?,?,?,?), ref: 05480437
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NextProcess32
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1850201408-0
                                                                                                                                                                                                          • Opcode ID: 2c3cc45cddb7466fba8535233de600c27995df4e57a3f63283548dfe9eeff343
                                                                                                                                                                                                          • Instruction ID: 063097d5890539957a3dad48fb870c3f077740c70d577a191e47b1928e2068cd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c3cc45cddb7466fba8535233de600c27995df4e57a3f63283548dfe9eeff343
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F11E7A62AD2517EB216E5A1275C8FF276BE9C3B30334C43BF84AC6606E284590F6130
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 054803E0 Relevance: 1.6, APIs: 1, Instructions: 102COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Process32NextW.KERNEL32(?,?,?,?), ref: 05480437
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NextProcess32
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1850201408-0
                                                                                                                                                                                                          • Opcode ID: 0147ea73418569a8000ddb4d018748482cf8662a8e8f20920a60bb40f59586cb
                                                                                                                                                                                                          • Instruction ID: 4df47d6e521031ca9db3234abaf403dcd5ce8dd7447a41e965b11b64e4324640
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0147ea73418569a8000ddb4d018748482cf8662a8e8f20920a60bb40f59586cb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC11E9A62AD2117EB256F1A12B5C8FF366BE5C3B30334C43BF40BC2606E684590E6071
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 054803FC Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Process32NextW.KERNEL32(?,?,?,?), ref: 05480437
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NextProcess32
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1850201408-0
                                                                                                                                                                                                          • Opcode ID: fae4060cf63cf7b507bdf90a436ee9b949ea2fb2c5a34570aa05f2f882bb6f36
                                                                                                                                                                                                          • Instruction ID: 7777552fb4a32363ed863e01f1b41791438d813303548598e4f9205f544f6c1e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fae4060cf63cf7b507bdf90a436ee9b949ea2fb2c5a34570aa05f2f882bb6f36
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B11E5F62AC2217EB256E5916B5C8FF37ABE5C3B30334C43BF846C2606E294590E2170
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05480407 Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Process32NextW.KERNEL32(?,?,?,?), ref: 05480437
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862342198.0000000005480000.00000040.00001000.00020000.00000000.sdmp, Offset: 05480000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5480000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: NextProcess32
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1850201408-0
                                                                                                                                                                                                          • Opcode ID: b579bd09f6eef1ee2da273c0aae8f7c2c47c06c530d11cc29826fef395cd453d
                                                                                                                                                                                                          • Instruction ID: 8c4af6cabf55d1ad6e2151b7e49a25c7c138b9cb49d0b934b649bc77535052d8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b579bd09f6eef1ee2da273c0aae8f7c2c47c06c530d11cc29826fef395cd453d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7901E5B62AC3217EB206E59127588FE22ABE9C3B30334C43BF446C2606E294590A2170
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00C4BBFC Relevance: 1.6, APIs: 1, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(00000000,?,?,?,?,?,00000000,?,?,?,00C4BD06,?,?,?,?,?), ref: 00C4BC38
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                          • Opcode ID: 3530de1ed6113a63452486f4ab1261e00a1b87b789a5046c0e947e769f9a02eb
                                                                                                                                                                                                          • Instruction ID: d33f891bcf481805d7020e839321e23b01db98a167763c83aae0a2d41e7e83b6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3530de1ed6113a63452486f4ab1261e00a1b87b789a5046c0e947e769f9a02eb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9501D632A10515AFCF19DF59DC899AE3B59EB81320B240209FC119B291EF71DE519B90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00BCEB90 Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00BCEBE4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 118556049-0
                                                                                                                                                                                                          • Opcode ID: 45fbaf2ee286f8bf2b17fb06d6875e83cbba74b87cc1d374594b7add5889ce62
                                                                                                                                                                                                          • Instruction ID: 47c3002fa9189eb1f10efc231ff403d5f9287cde21e6926d4106c51c2f09e925
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 45fbaf2ee286f8bf2b17fb06d6875e83cbba74b87cc1d374594b7add5889ce62
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66F027B24041088AE718E76095C2E7EB3C8CE60350B4444FEF42AC7652EB2AFD69C216
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00C549CD Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,?,?,00C3E21B,?,?,E8658904,?,?,00B62D8D,00C3B29C,?,?,00C3B29C), ref: 00C549FF
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                          • Opcode ID: 9ff91a10c4af849db595d220fcad2a54862cc610da69ea2e53a3f3813f89d776
                                                                                                                                                                                                          • Instruction ID: 47efd3329ca9798beba4002f49926f1de2b6e442103ecf583f71d3599db89cd8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ff91a10c4af849db595d220fcad2a54862cc610da69ea2e53a3f3813f89d776
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75E02B395C029066D63B26654D06B5F364C9F413B7F250221EC24970D0DB10CDC4A1ED
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00C54953 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000000,?,00C4B38E,?,?,?,00C3E241,00000000,?,E8658904,?,?,00B62D8D,00C3B29C), ref: 00C54969
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FreeHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3298025750-0
                                                                                                                                                                                                          • Opcode ID: ba846a4bc5af9a82614dc75a55b4da3f0ecea7eed998e1f1c6008dce8d129518
                                                                                                                                                                                                          • Instruction ID: 4c5917ce14cbd768e512565e32dd21c7709113fbe3b637510eb683232d25a98d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ba846a4bc5af9a82614dc75a55b4da3f0ecea7eed998e1f1c6008dce8d129518
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 71E0C2315416086ACB263BB99C0EBCA764EAB00B5AF250421FD089A460DA358E959785
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00C4CCC9 Relevance: 1.5, APIs: 1, Instructions: 19COMMONLIBRARYCODE
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ExitProcess.KERNEL32(?,?,00C4CCC3,00000016,00C42143,?,?,A5C63CEB,00C42143,?), ref: 00C4CCF3
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExitProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 621844428-0
                                                                                                                                                                                                          • Opcode ID: d254710402e7530ef57c02a159f388ee11f4990b1bd3a1bbea0f5c8206d05b58
                                                                                                                                                                                                          • Instruction ID: 451af74cc05aaa83ee1f762f2bb8e28d665f43ace24b8649d8177e4ba1990625
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d254710402e7530ef57c02a159f388ee11f4990b1bd3a1bbea0f5c8206d05b58
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5DD052201821082ACEA43F22C8999887E0AAF82280F205021BC8C0B272DF229A42A690
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 00C3B4A4 Relevance: 1.5, APIs: 1, Instructions: 14fileCOMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindNextFileW.KERNELBASE(?,?,?,00B6646F,?,?,?,?,?,?,00C80624,00000001), ref: 00C3B4AD
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1845283802.0000000000B61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845084107.0000000000B60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1845283802.0000000000C93000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846629795.0000000000C97000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000C9C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000E1E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000EFC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F37000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1846741923.0000000000F4F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1849198664.0000000000F50000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850114088.00000000010ED000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000000.00000002.1850528788.00000000010EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b60000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileFindNext
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2029273394-0
                                                                                                                                                                                                          • Opcode ID: 31eb9dfa2040c7ca2a7dca2d5bd390ace7b24fbabbd6761e63177ed21efcf348
                                                                                                                                                                                                          • Instruction ID: eed51d34c585c9d4c7c18c62d813afad91eb62574fef2e6c85a5196984bd18dd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 31eb9dfa2040c7ca2a7dca2d5bd390ace7b24fbabbd6761e63177ed21efcf348
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96C0803126510C75CB01B5E38C0C495764D9F01750F105416BF5D81012DF23DD1497A5
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460A02 Relevance: .4, Instructions: 400COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6d7e72979737a2722775c043a6b355d824bbc87d7b62eb2fdde3728ff9cadceb
                                                                                                                                                                                                          • Instruction ID: 690a23fb6c675b7963231997147c724b07e73c9ce40da5770d24ac9465c5baee
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d7e72979737a2722775c043a6b355d824bbc87d7b62eb2fdde3728ff9cadceb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 788106EB54D220BDA256C5916B5CBFA6BBFEAD73303308467F40BD6602E2944A4B5133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460A68 Relevance: .4, Instructions: 373COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 8f5bd7e018184dd36f6148a4fd85094d97e88feba44561f6416a2f5eb2ec81a8
                                                                                                                                                                                                          • Instruction ID: 39e74d5d81e061f27f2bc120f9f9527e1ecfc5a9e0e4ed46cac564d922596776
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f5bd7e018184dd36f6148a4fd85094d97e88feba44561f6416a2f5eb2ec81a8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C71CFEB54C124BDA256C1856B5CBFA6B6FE6D77303308527F80FD6602E2D40A4B5133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 054609B3 Relevance: .4, Instructions: 364COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ad83ee685b6cba289c92f34fc8eab1fea8b9b5ec3600badb0654ac344984eca7
                                                                                                                                                                                                          • Instruction ID: 307c85236c35fd7fbc28d65094167454e6694edd9b3eaab18f72ed7dcf38c648
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ad83ee685b6cba289c92f34fc8eab1fea8b9b5ec3600badb0654ac344984eca7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B71B0EB54C224BDA256C1856B5CBFA6A6FE5D73303308567F80FD5A02E2D44B4B1133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460A6E Relevance: .4, Instructions: 354COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 495875a82e12130d45d83329380ac8e80eb7d75dfdb95bee2c4152ee80363e0b
                                                                                                                                                                                                          • Instruction ID: 058c064a8e6f89661f6b82a1d07a960bf7e709fbc2665959741f63e6abb348d6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 495875a82e12130d45d83329380ac8e80eb7d75dfdb95bee2c4152ee80363e0b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C471D1EB54C124BDA256C5856B6CBFA6B6FE5D77303308527F80FD6602E2940B4B5133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460AE1 Relevance: .3, Instructions: 312COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 57bd88513d88e08287accc6acb1676196e9c5fe03a5732e2362e895dad120009
                                                                                                                                                                                                          • Instruction ID: 6476aed28248c05fdeff9a7c16c4e95a40af105e50228335c05bc336f198cf78
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 57bd88513d88e08287accc6acb1676196e9c5fe03a5732e2362e895dad120009
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF51B0EB54C224BDA156C1816B6CBFA6B6FE6C77303308567F80FD5A42E2940B4B5133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460AEB Relevance: .3, Instructions: 309COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 05764187990cae23963bfdbf23b6083fdf7d614c49d20c0625834be4c3012eec
                                                                                                                                                                                                          • Instruction ID: 29077ca1d09049d74d37e20f4f9496602f7e67291e3906e94765ba4caeccb829
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05764187990cae23963bfdbf23b6083fdf7d614c49d20c0625834be4c3012eec
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6951DFEB54C124BDA156C1816B6CBFA6B6FE6C77303308527F80FD5A42E2980B4B1133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460B0F Relevance: .3, Instructions: 292COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 3e7d277bb6590bf067fdcd213eb1cf8c392589497973999e79be836b455c0b15
                                                                                                                                                                                                          • Instruction ID: 25a49e42cf728f5b403394ebcf11ffe68ae555378323d078c714da0a22929c66
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e7d277bb6590bf067fdcd213eb1cf8c392589497973999e79be836b455c0b15
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3751BFEB54C124BDA256C1856B6CBFA6A7FE6C77303308527F80FD5A42E2944B4B5133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460B24 Relevance: .3, Instructions: 290COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 67be43faaeec3ba9ed2ceab95530f7881a968e7b4fed4186c281c08c5409a0fc
                                                                                                                                                                                                          • Instruction ID: c45d3666cf697bedb3cb3256bf32f3927e96257fb64abbae9918a6a60ec52407
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67be43faaeec3ba9ed2ceab95530f7881a968e7b4fed4186c281c08c5409a0fc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A151DDEB54C224BDA256C1816B6CBFA6B6FE6C77303308567F80FD5A42E2944B4B5133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460B38 Relevance: .3, Instructions: 283COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f43a04aa0c4e40e59176d55dd860d513911feab1170e5552cfcff8221fb132d7
                                                                                                                                                                                                          • Instruction ID: 7aece01aa149ea974dd614445bfc61d4fdbdcd9e016eeceb67dfa5c91a4be053
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f43a04aa0c4e40e59176d55dd860d513911feab1170e5552cfcff8221fb132d7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05518DEB54C124BDA156C1816B6CBFA6A6FE6D77303308567F80BD5A42E2944B4B1133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460B83 Relevance: .3, Instructions: 278COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 87ac1005c309735bb4c948cab89ea9171eb60f939ca56b90dc3607185c0df9ed
                                                                                                                                                                                                          • Instruction ID: 419ec47125d7404edfa0cdb7024c83d4e985d253838b7d408496436dad7cbd04
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87ac1005c309735bb4c948cab89ea9171eb60f939ca56b90dc3607185c0df9ed
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E351D0EB54C224BDA256C5816B6CBFA6B6FE6C73303308567F80FD5A42E3944A4B5133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460B75 Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 917b2a3078fefbffaeb1533b5ae971e5d3bc43d449b0fcca319600454c23eb71
                                                                                                                                                                                                          • Instruction ID: e7ebe1e7287ed5c602755069314d30bb8aba4afb1adf94cbb2ca48946058364b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 917b2a3078fefbffaeb1533b5ae971e5d3bc43d449b0fcca319600454c23eb71
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B4110EB54C224BDA256C181576CBFA6A6FE6D73303308567F80F95A42E3984B4B1133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460BB8 Relevance: .2, Instructions: 221COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: df799e5047e5685876896aed7582ff75f0a9110afde2351387270026a98c103e
                                                                                                                                                                                                          • Instruction ID: 7d1b9ef5186a761c4b20ad55b30fea7b9c8c3588e84f78cbbd0909f50de2fe83
                                                                                                                                                                                                          • Opcode Fuzzy Hash: df799e5047e5685876896aed7582ff75f0a9110afde2351387270026a98c103e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4041F2EB44C220BDA266C185576CBFA6B6FE6D73307308167F80FD5A42E2984B4B1133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460C0D Relevance: .2, Instructions: 215COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: c35fb34382fa8e6e1512f402aea5bcd2fa7b690a2df29b5150f1f159f105f8ba
                                                                                                                                                                                                          • Instruction ID: 648e67a5cfa618b939ab54592a0d0c83bd82f712e0f5fa15a3705b060717ef25
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c35fb34382fa8e6e1512f402aea5bcd2fa7b690a2df29b5150f1f159f105f8ba
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7416BEB94C220AED267C650876C7F67F7BFA972307304557E80F9A642E2945E4B4123
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460BE6 Relevance: .2, Instructions: 197COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: abf60401a2092c678e3dace9f2d4f9e25a2d155c6e95c32283e48db002a32d5d
                                                                                                                                                                                                          • Instruction ID: 117f82bc795c9e35adb0802830ebe4823a7cbd8c09d1110b509bfd0b910e2501
                                                                                                                                                                                                          • Opcode Fuzzy Hash: abf60401a2092c678e3dace9f2d4f9e25a2d155c6e95c32283e48db002a32d5d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9141F1EB44C224FDA266C581976CBFA6B6FE6D72307308227F80F95A41E2945B4B1133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460C84 Relevance: .2, Instructions: 190COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: fb37578804c88a66446a5b9832956be129f353c43771adcdbab5196c76df7bd8
                                                                                                                                                                                                          • Instruction ID: 7e996a043a5348414a25f43a62e390b35e5dd3a8c177d8ce04ec0f5bfb5ee6f1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb37578804c88a66446a5b9832956be129f353c43771adcdbab5196c76df7bd8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A34147FB44C120EDD226C541976C7FA7B7FEBD72307304267E80F96642E2945A4B0123
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460C22 Relevance: .2, Instructions: 182COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 1047981ab4394cffff165eb57d40f7025b89c2d148c939c78e6d9ca9cd53f407
                                                                                                                                                                                                          • Instruction ID: 1f275e68479f01b20f2f3ab4569fdc313beaa8d87f8560beec4a366012c00906
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1047981ab4394cffff165eb57d40f7025b89c2d148c939c78e6d9ca9cd53f407
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B74126EB44C224EEE266C541976C3FA7B6FE7972307304267E80F96642E2A45A4B0123
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460CA3 Relevance: .2, Instructions: 178COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 8d2594a6d855784259a190e415bd5d1025763bcd7b3104ac4bc8248d60956218
                                                                                                                                                                                                          • Instruction ID: 22a2e8acf627ad22b6358457b1f20ca235eb935fae91f3fcd782cffa82af3866
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d2594a6d855784259a190e415bd5d1025763bcd7b3104ac4bc8248d60956218
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD3123EB44C224ED926AC581936C7FA7A7FF7D72307304263E80F96A41E2945B4B0133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460CC7 Relevance: .2, Instructions: 173COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6c89dfee15423672d34d013467b706cb81fba7494bae2637f0b1ceaf80d4fe47
                                                                                                                                                                                                          • Instruction ID: 87c32fea8645ea723b67414d265bad4f86eebb30083eb45f5ad20225ca04f08b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c89dfee15423672d34d013467b706cb81fba7494bae2637f0b1ceaf80d4fe47
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 964136EB44C224AD9226C591835C7FA7B6FFBD72307308567F80F96A42E2A45A4B4133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460C54 Relevance: .2, Instructions: 164COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 940eb0d3ad83cf160597e1f367cbfdff2ac42cfde168bb3b46464224ac7976c3
                                                                                                                                                                                                          • Instruction ID: b3f94bf9575a9cbbbefe842be734d179d833fa1e40bb11d8e470a3b4328a2764
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 940eb0d3ad83cf160597e1f367cbfdff2ac42cfde168bb3b46464224ac7976c3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5131F2EA44C224ED9266C581936C7FA7A7FEBD73307308167F80F96641E2A45A4B1123
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460C8F Relevance: .2, Instructions: 160COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: fa9a16da5a049232fcca15d76469aeb40c56c8b3881759574b9e0f5d13bc2567
                                                                                                                                                                                                          • Instruction ID: 17d8203137d6f765b2108dbb425259b507ed1b06ae57c7050f4457b425dd8eb8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa9a16da5a049232fcca15d76469aeb40c56c8b3881759574b9e0f5d13bc2567
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A33142FB44C224EDA226C481835C7FA7A6FEBD72307308127F80F96641E2A49B4B0133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460CB4 Relevance: .2, Instructions: 155COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7d1fb1cbb598601565d5c34422aa7440ccf14a2d377c367d3278dc3fdfd3080f
                                                                                                                                                                                                          • Instruction ID: d151fa62a89cdb6f9ce27a54050b6c4114b634ed0e9076fed24f7fd2097c5551
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d1fb1cbb598601565d5c34422aa7440ccf14a2d377c367d3278dc3fdfd3080f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB3156EB44C224FD9266D481835C7FA7A6FEBD72307308267F80F96A41E2A45B4B0133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460CF0 Relevance: .1, Instructions: 148COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 79051e8eb7d067084271869dbdeb5c0e544775c7ea9d2141c138c184b7c977a8
                                                                                                                                                                                                          • Instruction ID: a06461a59bc6c28c383dd199f10147ae6acb87384da166c072684cd7272bd068
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79051e8eb7d067084271869dbdeb5c0e544775c7ea9d2141c138c184b7c977a8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 813135FA54C224ADD252C541874C7FA7B2BAAC72307304567F80F96541D2A45A4B4133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460D13 Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: d7ac3fbbdce9b2dd1296c84a26181cfe64a5d24be20f512bcfdb1efa6fe8ecc0
                                                                                                                                                                                                          • Instruction ID: e485ff90b9dd9c378b982e94b40f945ba4b5d7f5fb8269f8684434ba4ad8fe32
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d7ac3fbbdce9b2dd1296c84a26181cfe64a5d24be20f512bcfdb1efa6fe8ecc0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 643134EB44C224ADD262C441835C7FA3B2BEBD7230B308667E80F96641E2A45B4B1133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460D3F Relevance: .1, Instructions: 125COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 5131712afc7cfd7c2a18971d0fb643ae3cb9a1073add35d0519d8ac21171ea78
                                                                                                                                                                                                          • Instruction ID: 9ea4a8e013385c0e98bb62cfcb08ca605f48c9dda484efbbf831da07ec2504ea
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5131712afc7cfd7c2a18971d0fb643ae3cb9a1073add35d0519d8ac21171ea78
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE2156BA44C230AED266D541875C7FA7B2BABD72307308567E80F96542D2A86B474273
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460D66 Relevance: .1, Instructions: 119COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 7f15f65f30af5999c7dde01eb2a19badf3a1783551870ade31514328402c49b3
                                                                                                                                                                                                          • Instruction ID: 428f2a15d8fcb6ab82a767ee8511beba666991a08eb6d192555a102797e8ab66
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7f15f65f30af5999c7dde01eb2a19badf3a1783551870ade31514328402c49b3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3218AFB40C225AED312D15187583FA7B2BEB8B33073084A7E80FD7542D2A49A474173
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460DD6 Relevance: .1, Instructions: 117COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e3d19d06bcc64e51886e22c50d83542ac4d7ddb31cc6a96010ced2a851b54405
                                                                                                                                                                                                          • Instruction ID: 3a3c2a120e3bbc62a80cecb508dc6af3d9b45f2d0d2d28bae3f170afccd1ccb4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e3d19d06bcc64e51886e22c50d83542ac4d7ddb31cc6a96010ced2a851b54405
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B82132BA90C225AED216D585834C7FA7B2BEB8B23073085A7E80F96541E2A49B474173
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460DB7 Relevance: .1, Instructions: 116COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 32026329b7526fa252146d11a56024ab0643139bcc756bd07399146423d8f7bc
                                                                                                                                                                                                          • Instruction ID: 661f83ddf7d3cc3ffa951213d66260c1d477968695a8ac2e6bdfc3cd60270539
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 32026329b7526fa252146d11a56024ab0643139bcc756bd07399146423d8f7bc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 532168FA50C235EDD226D481834C7FA3B2BABC7230B3041A7E80F96642D2A49F870133
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460DF8 Relevance: .1, Instructions: 101COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 22c5328381e3c91302bd5aada03a49fdeb2e3ba56dd1d5970a214872af3301e3
                                                                                                                                                                                                          • Instruction ID: 6a1c655860bfc3c791ac7ab8d51002680f8e49ae291a0dcbecb24dea47dac78b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 22c5328381e3c91302bd5aada03a49fdeb2e3ba56dd1d5970a214872af3301e3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F72138FA508235ADD616D441834C7FA7727EBC623073185ABE40F96142D2A4AE474263
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460D90 Relevance: .1, Instructions: 99COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 8f141c47a8667f49fbdbd2487b6f7ce1e25633ddf4f3653e3c878dce8e78e9e4
                                                                                                                                                                                                          • Instruction ID: 83490b43115a6d4e55fcc513cc464808c36099cb31edcea12f9a00ea909fd7da
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f141c47a8667f49fbdbd2487b6f7ce1e25633ddf4f3653e3c878dce8e78e9e4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A2126BA90C225EED316D541834C7FA7B2BFBD723073184ABE80F97541E2A49B465273
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460DA4 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e2ae6b34109d8b651db722ab8f91878992f9e1107561223dbf05b4d21e30e0aa
                                                                                                                                                                                                          • Instruction ID: ab8932ccde47f99df94994d6c301f20097c4f36b79c9ec1c3a14812b59c49793
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2ae6b34109d8b651db722ab8f91878992f9e1107561223dbf05b4d21e30e0aa
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 641135FA90C225AED316D541835C7FA3B2BEBC723073080A7E80F96541D2A49E475233
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460DE6 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 340989143083cbb5a9f8e264b2bfd295e529558a942d221d0f6a903f02aff271
                                                                                                                                                                                                          • Instruction ID: 07c65fc2b4a7a6371a7b4989eb8f33ed40b1d36a23b78265d89b4df2d36f05f5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 340989143083cbb5a9f8e264b2bfd295e529558a942d221d0f6a903f02aff271
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B1134BA908225DDC212E581C38C7FA7767EB96330B3184A7E80B96441D2A59A474263
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Function 05460E57 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000002.1862082630.0000000005460000.00000040.00001000.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_5460000_SecuriteInfo.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 797a51430d26fff397ef3a5f99f8c92fa13e6b1050ce211958c62af21b85b755
                                                                                                                                                                                                          • Instruction ID: b0af33252cae9aadc2fa6bff203fd00ea663687ce8b23e255e715453b18ba728
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 797a51430d26fff397ef3a5f99f8c92fa13e6b1050ce211958c62af21b85b755
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92F02BFA00D12AECD702D581931C7FF672BE6C6330B3184A7F40BA104092D44F464137
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%